CVE-2024-8176

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-8176
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8176.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-8176
Related
Published
2025-03-14T09:15:14Z
Modified
2025-03-30T05:57:28.131782Z
Summary
[none]
Details

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

References

Affected packages

Alpine:v3.18 / expat

Package

Name
expat
Purl
pkg:apk/alpine/expat?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.0-r0

Affected versions

2.*

2.0.1-r0
2.0.1-r1
2.0.1-r2
2.0.1-r3
2.0.1-r4
2.0.1-r5
2.0.1-r6
2.1.0-r0
2.1.0-r1
2.1.0-r2
2.1.1-r0
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.2.2-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.5-r0
2.2.6-r0
2.2.7-r0
2.2.7-r1
2.2.8-r0
2.2.9-r0
2.2.9-r1
2.2.10-r0
2.2.10-r1
2.3.0-r0
2.4.1-r0
2.4.2-r0
2.4.3-r0
2.4.4-r0
2.4.5-r0
2.4.6-r0
2.4.7-r0
2.4.8-r0
2.4.8-r1
2.4.9-r0
2.5.0-r0
2.5.0-r1
2.6.0-r0
2.6.2-r0
2.6.3-r0
2.6.4-r0

Alpine:v3.19 / expat

Package

Name
expat
Purl
pkg:apk/alpine/expat?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.0-r0

Affected versions

2.*

2.0.1-r0
2.0.1-r1
2.0.1-r2
2.0.1-r3
2.0.1-r4
2.0.1-r5
2.0.1-r6
2.1.0-r0
2.1.0-r1
2.1.0-r2
2.1.1-r0
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.2.2-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.5-r0
2.2.6-r0
2.2.7-r0
2.2.7-r1
2.2.8-r0
2.2.9-r0
2.2.9-r1
2.2.10-r0
2.2.10-r1
2.3.0-r0
2.4.1-r0
2.4.2-r0
2.4.3-r0
2.4.4-r0
2.4.5-r0
2.4.6-r0
2.4.7-r0
2.4.8-r0
2.4.8-r1
2.4.9-r0
2.5.0-r0
2.5.0-r1
2.5.0-r2
2.6.0-r0
2.6.2-r0
2.6.3-r0
2.6.4-r0

Alpine:v3.20 / expat

Package

Name
expat
Purl
pkg:apk/alpine/expat?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.0-r0

Affected versions

2.*

2.0.1-r0
2.0.1-r1
2.0.1-r2
2.0.1-r3
2.0.1-r4
2.0.1-r5
2.0.1-r6
2.1.0-r0
2.1.0-r1
2.1.0-r2
2.1.1-r0
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.2.2-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.5-r0
2.2.6-r0
2.2.7-r0
2.2.7-r1
2.2.8-r0
2.2.9-r0
2.2.9-r1
2.2.10-r0
2.2.10-r1
2.3.0-r0
2.4.1-r0
2.4.2-r0
2.4.3-r0
2.4.4-r0
2.4.5-r0
2.4.6-r0
2.4.7-r0
2.4.8-r0
2.4.8-r1
2.4.9-r0
2.5.0-r0
2.5.0-r1
2.5.0-r2
2.6.0-r0
2.6.1-r0
2.6.2-r0
2.6.3-r0
2.6.4-r0

Alpine:v3.21 / expat

Package

Name
expat
Purl
pkg:apk/alpine/expat?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.0-r0

Affected versions

2.*

2.0.1-r0
2.0.1-r1
2.0.1-r2
2.0.1-r3
2.0.1-r4
2.0.1-r5
2.0.1-r6
2.1.0-r0
2.1.0-r1
2.1.0-r2
2.1.1-r0
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.2.2-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.5-r0
2.2.6-r0
2.2.7-r0
2.2.7-r1
2.2.8-r0
2.2.9-r0
2.2.9-r1
2.2.10-r0
2.2.10-r1
2.3.0-r0
2.4.1-r0
2.4.2-r0
2.4.3-r0
2.4.4-r0
2.4.5-r0
2.4.6-r0
2.4.7-r0
2.4.8-r0
2.4.8-r1
2.4.9-r0
2.5.0-r0
2.5.0-r1
2.5.0-r2
2.6.0-r0
2.6.1-r0
2.6.2-r0
2.6.3-r0
2.6.4-r0

Debian:11 / expat

Package

Name
expat
Purl
pkg:deb/debian/expat?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.2.10-2
2.2.10-2+deb11u1
2.2.10-2+deb11u2
2.2.10-2+deb11u3
2.2.10-2+deb11u4
2.2.10-2+deb11u5
2.2.10-2+deb11u6
2.3.0-1
2.4.1-1
2.4.1-2
2.4.1-3
2.4.2-1
2.4.3-1
2.4.3-2
2.4.3-3
2.4.4-1
2.4.5-1
2.4.5-2
2.4.6-1
2.4.7-1
2.4.8-1
2.4.8-2
2.4.9-1
2.5.0-1
2.5.0-2
2.6.0-1
2.6.1-1
2.6.1-2
2.6.2-1
2.6.2-2
2.6.3-1
2.6.3-2
2.6.4-1
2.7.0-1
2.7.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / expat

Package

Name
expat
Purl
pkg:deb/debian/expat?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.5.0-1
2.5.0-1+deb12u1
2.5.0-2
2.6.0-1
2.6.1-1
2.6.1-2
2.6.2-1
2.6.2-2
2.6.3-1
2.6.3-2
2.6.4-1
2.7.0-1
2.7.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / expat

Package

Name
expat
Purl
pkg:deb/debian/expat?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.0-1

Affected versions

2.*

2.5.0-1
2.5.0-2
2.6.0-1
2.6.1-1
2.6.1-2
2.6.2-1
2.6.2-2
2.6.3-1
2.6.3-2
2.6.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.alpinelinux.org/alpine/aports

Affected ranges

Type
GIT
Repo
https://gitlab.alpinelinux.org/alpine/aports
Events
Introduced
0 (Unknown introduced commit / All previous commits are affected)
Fixed

Affected versions

v1.*

v1.10-branch
v1.9.0
v1.9.0_alpha10
v1.9.0_alpha11
v1.9.0_alpha12
v1.9.0_alpha13
v1.9.0_alpha14
v1.9.0_alpha15
v1.9.0_alpha16
v1.9.0_alpha17
v1.9.0_alpha18
v1.9.0_alpha7
v1.9.0_alpha8
v1.9.0_alpha9
v1.9.0_beta1
v1.9.0_beta2
v1.9.0_beta3
v1.9.0_beta4
v1.9.0_rc1
v1.9.0_rc2
v1.9.0_rc4
v1.9.0_rc5

Other

v101203
v101216
v101221
v101224
v110217
v110303
v110310
v110312
v110314
v110325
v110407
v110412
v110525
v110527
v110606
v110607
v110817
v110824
v110825
v110827
v111111
v120104
v120223
v120227
v120316
v120323
v120403
v120820
v120824
v120914
v121002
v121009
v121207
v121217
v130301
v130308
v130313
v130910
v131210
v131211
v140416
v140423
v140515
v140930
v141001
v141022
v150306
v160223
v20101203
v20101216
v20190227
v20190228
v20190408
v20190508
v20190707
v20190809
v20190925
v20191114
v20191219
v20200117
v20200122
v20200312
v20200319
v20200428
v20200626
v20200917
v20201218
v20210212
v20220316
v20220328
v20220715
v20220809
v20221110
v20230208
v20230329
v20230901
v20231219
v20240315
v20240329
v20240606
v20240807
v20240923
v20250108

v2.*

v2.0.0
v2.0.0_beta1
v2.0.0_beta2
v2.0.0_beta3
v2.0.0_beta4
v2.0.0_rc1
v2.0.0_rc2
v2.0.0_rc3
v2.1.0
v2.1.0_rc1
v2.1.0_rc2
v2.2.0_rc1
v2.2.0_rc2
v2.2.0_rc3
v2.2.0_rc4
v2.2.0_rc5
v2.3.0
v2.3.0_rc1
v2.3.0_rc2
v2.3.0_rc3
v2.3.0_rc4
v2.3.0_rc5
v2.3.0_rc6
v2.4.0
v2.4.0_rc1
v2.4.0_rc2
v2.4.0_rc3
v2.5.0
v2.5.0_rc1
v2.5.0_rc2
v2.6.0
v2.6.0_rc1
v2.6.0_rc2
v2.6.0_rc3
v2.6.0_rc4
v2.6.0_rc5
v2.6.0_rc6
v2.7.0
v2.7.0_rc1
v2.7.0_rc2
v2.7.0_rc3
v2.7.0_rc4
v2.7.0_rc5
v2.7.0_rc6

v3.*

v3.0.0
v3.0.0_rc1
v3.0.0_rc2
v3.0.0_rc3
v3.0.0_rc4
v3.0.0_rc5
v3.1.0
v3.1.0_rc1
v3.1.0_rc2
v3.1.0_rc3
v3.1.0_rc4
v3.1.0_rc5
v3.10.0
v3.10.0_rc1
v3.10.0_rc2
v3.10.0_rc3
v3.10.0_rc4
v3.10.0_rc5
v3.10.0_rc6
v3.10.0_rc7
v3.11.0
v3.11.0_rc2
v3.11.0_rc3
v3.11.0_rc4
v3.11.0_rc5
v3.11_rc1
v3.12.0
v3.12.0_rc1
v3.12.0_rc2
v3.12.0_rc3
v3.12.0_rc4
v3.12.0_rc5
v3.13.0
v3.13.0_rc1
v3.13.0_rc2
v3.13.0_rc3
v3.13.0_rc4
v3.13.0_rc5
v3.14.0
v3.14.0_rc1
v3.14.0_rc2
v3.14.0_rc3
v3.14.0_rc4
v3.15.0
v3.15.0_alpha20210730
v3.15.0_alpha20210804
v3.15.0_rc1
v3.15.0_rc2
v3.15.0_rc3
v3.15.0_rc4
v3.15.0_rc5
v3.15.0_rc6
v3.16.0
v3.16.0_rc1
v3.16.0_rc2
v3.16.0_rc3
v3.16.0_rc4
v3.16.0_rc5
v3.17.0
v3.17.0_rc1
v3.17.0_rc2
v3.17.0_rc3
v3.17.0_rc4
v3.18.0
v3.18.0_rc1
v3.18.0_rc2
v3.18.0_rc3
v3.18.0_rc4
v3.18.0_rc5
v3.18.0_rc6
v3.19.0
v3.19.0_rc1
v3.19.0_rc2
v3.19.0_rc3
v3.19.0_rc4
v3.2.0
v3.2.0_rc1
v3.2.0_rc2
v3.2.0_rc3
v3.2.0_rc4
v3.2.0_rc5
v3.20.0
v3.20.0_rc1
v3.20.0_rc2
v3.21.0
v3.21.0_rc1
v3.21.0_rc2
v3.21.0_rc3
v3.21.0_rc4
v3.21.0_rc5
v3.21.0_rc6
v3.21.0_rc7
v3.22.0_alpha20241224
v3.3.0
v3.3.0_rc1
v3.3.0_rc2
v3.3.0_rc3
v3.4.0
v3.4.0_rc1
v3.4.0_rc2
v3.4.0_rc3
v3.5.0
v3.5.0_rc1
v3.5.0_rc2
v3.5.0_rc3
v3.5.0_rc4
v3.5.0_rc5
v3.5.0_rc6
v3.5.0_rc7
v3.6.0
v3.6.0_rc1
v3.6.0_rc2
v3.6.0_rc3
v3.7.0
v3.7.0_rc1
v3.7.0_rc2
v3.7.0_rc3
v3.8.0
v3.8.0_rc1
v3.8.0_rc10
v3.8.0_rc2
v3.8.0_rc3
v3.8.0_rc4
v3.8.0_rc5
v3.8.0_rc6
v3.8.0_rc7
v3.8.0_rc8
v3.8.0_rc9
v3.9.0
v3.9.0_rc1
v3.9.0_rc2
v3.9.0_rc3
v3.9.0_rc4
v3.9.0_rc5
v3.9.0_rc6