EUVD-2024-54057

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Stack overflow vulnerability in libexpat library causes denial of service or memory corruption risks.

Reporter	Title	Published	Views	Family All 298
IBM Security Bulletins	Security Bulletin: IBM Automation Decision Services for October 2025 - Multiple CVEs addressed	3 Dec 202506:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a stack overflow vulnerability in libexpat library [CVE-2024-8176]	13 Jun 202516:26	–	ibm
IBM Security Bulletins	Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP7 vulnerabilities CVE-2025-29482 (vulnerable), CVE-2024-8176 (not vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing	30 Mar 202609:37	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in expat library (CVE-2024-8176) affects Power HMC.	7 Jul 202505:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities found in IBM TXSeries for Multiplatforms.	7 Jul 202514:23	–	ibm
IBM Security Bulletins	Security Bulletin: AIX/VIOS is vulnerable to denial of service and possible code execution due to Perl (WS-2025-0004)	5 Feb 202622:03	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)	30 Sep 202508:36	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image	20 May 202514:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Omnifind Text Search Server for DB2 for i is affected by multiple vulnerabilities[CVE-2017-12626,CVE-2023-44483,CVE-2023-45853,CVE-2024-8176,CVE-2024-11612,CVE-2024-50602,CVE-2025-27363,CVE-2025-29482,CVE-2025-48924,CVE-2025-53816]	20 Jun 202601:15	–	ibm
IBM Security Bulletins	Security Bulletin: AIX is vulnerable to denial of service and possible code execution due to Perl (CVE-2024-8176, CVE-2024-56406)	26 Jun 202515:03	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "85b1c3f4-bbab-32fe-8d21-94d81c636181",
        "vendor": {
          "name": "Red Hat"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "19eef9b6-7454-3f70-b872-1c6052469cf7",
        "product": {
          "name": "Red Hat Enterprise Linux 9"
        },
        "product_version": "patch: 0:2.5.0-5.el9_6"
      },
      {
        "id": "1a99d242-183c-30c3-b298-d37834931cbf",
        "product": {
          "name": "Red Hat Discovery 1.14"
        },
        "product_version": "patch: sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644"
      },
      {
        "id": "219fff2d-8c57-3e74-af9f-41240c0bc92e",
        "product": {
          "name": "Red Hat Enterprise Linux 8.2 Advanced Update Support"
        },
        "product_version": "patch: 0:1.51.0-5.el8_2.2"
      },
      {
        "id": "252f9b1e-31a3-3e00-a4c3-4bedaedb45b3",
        "product": {
          "name": "Red Hat Discovery 1.14"
        },
        "product_version": "patch: sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e"
      },
      {
        "id": "29fb48df-a221-3884-92ce-b8c3c49b2c4f",
        "product": {
          "name": "Red Hat Enterprise Linux 8"
        },
        "product_version": "patch: 0:1.51.0-11.el8_10"
      },
      {
        "id": "2e4bd4f9-dbc7-33fa-a009-6af7e5303ab3",
        "product": {
          "name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support"
        },
        "product_version": "patch: 0:1.51.0-6.el8_6.1"
      },
      {
        "id": "2f3d2330-b84f-352a-9554-45944c5f742e",
        "product": {
          "name": "Red Hat Enterprise Linux 10"
        },
        "product_version": "patch: 0:2.7.1-1.el10_0"
      },
      {
        "id": "6ca35f97-2cdd-3ddb-a47d-30071ea4454d",
        "product": {
          "name": "DevWorkspace Operator 0.33"
        },
        "product_version": "patch: sha256:9cde560029ea98eb500a811c82e4d55318d686e01383c00e857b838a2db88919"
      },
      {
        "id": "87ae880e-80f3-3bfd-a383-0ad100f3a974",
        "product": {
          "name": "Red Hat Enterprise Linux 9"
        },
        "product_version": "patch: 0:2.5.0-3.el9_5.3"
      },
      {
        "id": "894fc8a4-2515-3ca1-b962-dc7d06b6bf9d",
        "product": {
          "name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions"
        },
        "product_version": "patch: 0:1.51.0-6.el8_6.1"
      },
      {
        "id": "8a52f105-331f-3e4c-86b3-9f755988eb98",
        "product": {
          "name": "Red Hat Discovery 1.14"
        },
        "product_version": "patch: sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c"
      },
      {
        "id": "95003c17-87ec-3667-8851-cf31fcd27345",
        "product": {
          "name": "Red Hat Enterprise Linux 8.8 Extended Update Support"
        },
        "product_version": "patch: 0:1.51.0-8.el8_8.1"
      },
      {
        "id": "a4e5fcc0-660a-32f2-a876-6803fa5b2412",
        "product": {
          "name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support"
        },
        "product_version": "patch: 0:1.51.0-5.el8_4.2"
      },
      {
        "id": "b1c0bb35-6ca4-3d8b-92b8-71b1a79f7f4c",
        "product": {
          "name": "DevWorkspace Operator 0.33"
        },
        "product_version": "patch: sha256:937e1dff95d06b971adee9aeb55e0e2e963b6b14594f30354bb9cdb039c081dd"
      },
      {
        "id": "b249b83a-6257-3e3a-b04a-4464e077db4b",
        "product": {
          "name": "DevWorkspace Operator 0.33"
        },
        "product_version": "patch: sha256:b41c498da32fde3fa636594ef93d2206ca1a3bc306e401eaae035dc18d30654a"
      },
      {
        "id": "b3b01f99-f884-36e9-aaaf-f9af7d622073",
        "product": {
          "name": "Red Hat Enterprise Linux 8"
        },
        "product_version": "patch: 0:2.2.5-17.el8_10"
      },
      {
        "id": "c1688d8b-fb98-3748-9aad-b62c8fe98b02",
        "product": {
          "name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions"
        },
        "product_version": "patch: 0:1.51.0-5.el8_4.2"
      },
      {
        "id": "f2ae9d2e-16dd-353c-af35-936c06a09a77",
        "product": {
          "name": "DevWorkspace Operator 0.33"
        },
        "product_version": "patch: sha256:e74a7b34371e86a04a718c881664025f52b312d9a9cbd045214f869131b7cfbe"
      },
      {
        "id": "f73685a9-c57b-3572-870a-ccde88cd2e1b",
        "product": {
          "name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service"
        },
        "product_version": "patch: 0:1.51.0-5.el8_4.2"
      },
      {
        "id": "f901bc56-a0d9-3d9f-a96e-c8bc6efeaed7",
        "product": {
          "name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service"
        },
        "product_version": "patch: 0:1.51.0-6.el8_6.1"
      },
      {
        "id": "fecdf185-c600-3a42-b5f9-5dfdeb983322",
        "product": {
          "name": "Red Hat Discovery 1.14"
        },
        "product_version": "patch: sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63"
      }
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2024-8176
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
github	www.github.com/libexpat/libexpat/issues/893
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-8176
blog	www.blog.hartwork.org/posts/expat-2-7-0-released
bugzilla	www.bugzilla.suse.com/show_bug.cgi
github	www.github.com/libexpat/libexpat/blob/R_2_7_0/expat/Changes
gitlab	www.gitlab.alpinelinux.org/alpine/aports/-/commit/d068c3ff36fc6f4789988a09c69b434db757db53
security-tracker	www.security-tracker.debian.org/tracker/CVE-2024-8176
ubuntu	www.ubuntu.com/security/CVE-2024-8176

03 Oct 2025 20:07Current

7.9High risk

Vulners AI Score7.9

CVSS 3.17.5

EPSS0.01569

SSVC