AZL-58641

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-58641.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-58641

Upstream

CVE-2024-8176

Published

2025-03-14T09:15:14Z

Modified

2026-04-01T05:19:19.845542Z

Summary

CVE-2024-8176 affecting package expat for versions less than 2.6.4-1

Details

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-8176

Affected packages

Azure Linux:2 / expat

Package

Name: expat
Purl: pkg:rpm/azure-linux/expat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6.4-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-58641.json"