Cyber Posture

CVE-2024-8176

High

Published: 14 March 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0080 (74.2th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-8176 is a high-severity Uncontrolled Recursion (CWE-674) vulnerability in Hartwork (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 25.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Requires timely identification, reporting, and remediation of flaws like the stack overflow in libexpat, directly eliminating the vulnerability through patching as in Red Hat errata.

prevent

Implements memory protections such as stack canaries and address space randomization to mitigate stack overflows from recursive entity expansion in libexpat.

prevent

Enforces validation of XML inputs to detect and reject deeply nested or malformed entity references that trigger the libexpat recursion vulnerability.
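One way to apply the input-validation control above before a document reaches the XML parser is to bound the nesting depth of entity references declared in the DTD. This is an added sketch, not code from libexpat or from this page; the function names, the sample document and the limit of 8 are assumptions.

```python
import re

# Internal general entities only; parameter and external entities are out of scope here.
ENTITY_DECL = re.compile(r"""<!ENTITY\s+([\w.:-]+)\s+(?:"([^"]*)"|'([^']*)')\s*>""")
ENTITY_REF = re.compile(r"&([A-Za-z_:][\w.:-]*);")
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}
# Constructed sample: e4 -> e3 -> e2 -> e1, a reference chain four levels deep.
SAMPLE = ('<!DOCTYPE doc [<!ENTITY e1 "leaf"><!ENTITY e2 "&e1;">'
          '<!ENTITY e3 "&e2;"><!ENTITY e4 "&e3; &amp; &e1;">]><doc>&e4;</doc>')

def entity_graph(xml_text):
    """Map each declared entity to the entity names its replacement text references."""
    graph = {}
    for m in ENTITY_DECL.finditer(xml_text):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        refs = [r for r in ENTITY_REF.findall(value) if r not in PREDEFINED]
        graph.setdefault(m.group(1), refs)  # XML: the first declaration wins
    return graph

def max_entity_depth(xml_text):
    """Longest chain of nested entity references, or None if a cycle exists.
    Walks with an explicit stack so the check itself cannot exhaust the call stack."""
    graph = entity_graph(xml_text)
    depth = {}  # entity name -> length of the longest chain starting at it
    for root in graph:
        if root in depth:
            continue
        stack, on_path = [(root, iter(graph[root]))], {root}
        while stack:
            node, children = stack[-1]
            for child in children:
                if child in on_path:
                    return None
                if child in graph and child not in depth:
                    stack.append((child, iter(graph[child])))
                    on_path.add(child)
                    break
            else:  # all children resolved: this node's depth is now known
                stack.pop()
                on_path.discard(node)
                depth[node] = 1 + max((depth.get(c, 0) for c in graph[node]), default=0)
    return max(depth.values(), default=0)

def accept(xml_text, limit=8):
    """Gate to run before parsing; the limit is an assumed policy value."""
    d = max_entity_depth(xml_text)
    return d is not None and d <= limit
```

A regex scan like this is only a pre-filter for untrusted input and does not see entities defined in an external DTD subset; patching libexpat remains the actual fix.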

MITRE ATT&CK Enterprise Techniques · AI

T1499.004 · Application or System Exploitation · Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

The stack overflow from recursive XML entity expansion directly enables adversaries to crash affected applications, mapping to application/system exploitation for denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

Deeper analysis · AI

CVE-2024-8176 is a stack overflow vulnerability in the libexpat library, caused by improper handling of recursive entity expansion in XML documents. When parsing an XML document containing deeply nested entity references, libexpat recurses indefinitely, exhausting stack space and triggering a crash. This issue affects the libexpat library, which is widely used in applications that process XML.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable over the network with low complexity, no privileges or user interaction required. Any unauthenticated attacker can supply a specially crafted XML document to an affected application using vulnerable libexpat, resulting in denial of service through application crashes. In certain environments or usage scenarios, it may also enable exploitable memory corruption.

Red Hat advisories address this vulnerability through updated packages in errata RHSA-2025:13681, RHSA-2025:22033, RHSA-2025:22034, RHSA-2025:22035, and RHSA-2025:22607. Security practitioners should apply these patches promptly to mitigate the risk in Red Hat environments relying on libexpat.

Details

CWE(s)

Affected Products

Hartwork
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-33908 · Shared CWE-674
CVE-2026-25048 · Shared CWE-674
CVE-2026-41636 · Shared CWE-674
CVE-2026-32944 · Shared CWE-674
CVE-2026-39376 · Shared CWE-674
CVE-2026-33498 · Shared CWE-674
CVE-2026-30922 · Shared CWE-674
CVE-2026-1849 · Shared CWE-674
CVE-2026-42039 · Shared CWE-674
CVE-2024-57699 · Shared CWE-674

References