Cyber Resilience

CVE-2024-8176

High · DDoS

Published: 14 March 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0080 (74.5th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-8176 is a high-severity Uncontrolled Recursion (CWE-674) vulnerability in Hartwork (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 25.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-8176 is a stack overflow vulnerability in the libexpat library, caused by improper handling of recursive entity expansion in XML documents. When parsing an XML document containing deeply nested entity references, libexpat recurses indefinitely, exhausting stack space and triggering a crash. This issue affects the libexpat library, which is widely used in applications that process XML.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable over the network with low complexity, no privileges or user interaction required. Any unauthenticated attacker can supply a specially crafted XML document to an affected application using vulnerable libexpat, resulting in denial of service through application crashes. In certain environments or usage scenarios, it may also enable exploitable memory corruption.

Red Hat advisories address this vulnerability through updated packages in errata RHSA-2025:13681, RHSA-2025:22033, RHSA-2025:22034, RHSA-2025:22035, and RHSA-2025:22607. Security practitioners should apply these patches promptly to mitigate the risk in Red Hat environments relying on libexpat.

EU & UK References

Vulnerability details

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The stack overflow from recursive XML entity expansion directly enables adversaries to crash affected applications, mapping to application/system exploitation for denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-34211 (Shared CWE-674)
CVE-2026-39376 (Shared CWE-674)
CVE-2026-32141 (Shared CWE-674)
CVE-2026-44289 (Shared CWE-674)
CVE-2026-32944 (Shared CWE-674)
CVE-2025-70957 (Shared CWE-674)
CVE-2026-32933 (Shared CWE-674)
CVE-2026-33498 (Shared CWE-674)
CVE-2026-42039 (Shared CWE-674)
CVE-2026-6479 (Shared CWE-674)

Affected Assets

Hartwork
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and remediation of flaws like the stack overflow in libexpat, directly eliminating the vulnerability through patching as in Red Hat errata.

prevent

Implements memory protections such as stack canaries and address space randomization to mitigate stack overflows from recursive entity expansion in libexpat.

prevent

Enforces validation of XML inputs to detect and reject deeply nested or malformed entity references that trigger the libexpat recursion vulnerability.
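
The input-validation control above can be approximated by a pre-parse check that measures how long the entity reference chains in a document's internal DTD are and rejects documents past a limit. This is an added example, not code from libexpat or from this advisory; the function names, the regex-based scan and the limit of 8 are assumptions, and parameter and external entities are not covered.

```python
import re

# Assumption: only general entities with literal values in the internal DTD
# subset are scanned; parameter and external entities are not handled.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([^\s%"\']+)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
ENTITY_REF = re.compile(r'&([^\s;&#]+);')
MAX_ENTITY_DEPTH = 8  # assumed policy limit, not a libexpat setting

# Constructed sample: c -> b -> a is a reference chain of length 3.
SAMPLE = ('<!DOCTYPE d [<!ENTITY c "&b; &b;"><!ENTITY b "&a;&amp;">'
          '<!ENTITY a "text">]><d>&c;</d>')


def entity_graph(xml_text):
    """Map each declared entity to the entity names its value references."""
    graph = {}
    for m in ENTITY_DECL.finditer(xml_text):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        graph.setdefault(m.group(1), ENTITY_REF.findall(value))  # first declaration binds
    return graph


def max_entity_depth(xml_text):
    """Longest entity reference chain, or None if the declarations are cyclic.
    Uses an explicit stack so the check itself cannot exhaust the call stack."""
    graph = entity_graph(xml_text)
    depth = {}
    for root in graph:
        stack, on_path = [(root, iter(graph[root]))], {root}
        while stack and root not in depth:
            name, refs = stack[-1]
            for ref in refs:
                if ref in on_path:
                    return None
                if ref in graph and ref not in depth:
                    stack.append((ref, iter(graph[ref])))
                    on_path.add(ref)
                    break
            else:  # all references resolved: this entity's chain length is known
                depth[name] = 1 + max((depth[r] for r in graph[name] if r in graph), default=0)
                on_path.discard(name)
                stack.pop()
    return max(depth.values(), default=0)


def is_acceptable(xml_text, limit=MAX_ENTITY_DEPTH):
    """Reject cyclic declarations and chains deeper than the limit."""
    found = max_entity_depth(xml_text)
    return found is not None and found <= limit
```

A filter like this only reduces exposure in front of an unpatched parser; the flaw itself is removed by the updated libexpat packages.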

References