Red Hat: CVE-2024-8176: libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat (Multiple Advisories)
Description
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
Solution(s)
- redhat-upgrade-expat
- redhat-upgrade-expat-debuginfo
- redhat-upgrade-expat-debugsource
- redhat-upgrade-expat-devel
- redhat-upgrade-xmlrpc-c
- redhat-upgrade-xmlrpc-c-apps-debuginfo
- redhat-upgrade-xmlrpc-c-c
- redhat-upgrade-xmlrpc-c-c-debuginfo
- redhat-upgrade-xmlrpc-c-client
- redhat-upgrade-xmlrpc-c-client-debuginfo
- redhat-upgrade-xmlrpc-c-debuginfo
- redhat-upgrade-xmlrpc-c-debugsource
- redhat-upgrade-xmlrpc-c-devel
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center