csaf_redhat - rhsa-2025:3734

rhsa-2025:3734

Vulnerability from csaf_redhat

Published

2025-04-09 05:01

Modified

2025-08-14 15:34

Summary

Red Hat Security Advisory: DevWorkspace Operator 0.33.0 release.

Notes

Topic

DevWorkspace Operator 0.33.0 has been released.

Details

The DevWorkspace Operator extends OpenShift to provide DevWorkspace support. Security Fix(es): * libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat (CVE-2024-8176)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "DevWorkspace Operator 0.33.0 has been released.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The DevWorkspace Operator extends OpenShift to provide DevWorkspace support. Security Fix(es): * libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat (CVE-2024-8176)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:3734",
        "url": "https://access.redhat.com/errata/RHSA-2025:3734"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2024-8176",
        "url": "https://access.redhat.com/security/cve/CVE-2024-8176"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification",
        "url": "https://access.redhat.com/security/updates/classification"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3734.json"
      }
    ],
    "title": "Red Hat Security Advisory: DevWorkspace Operator 0.33.0 release.",
    "tracking": {
      "current_release_date": "2025-08-14T15:34:06+00:00",
      "generator": {
        "date": "2025-08-14T15:34:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.6"
        }
      },
      "id": "RHSA-2025:3734",
      "initial_release_date": "2025-04-09T05:01:50+00:00",
      "revision_history": [
        {
          "date": "2025-04-09T05:01:50+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-04-09T05:01:50+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-08-14T15:34:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "DevWorkspace Operator 0.33",
                "product": {
                  "name": "DevWorkspace Operator 0.33",
                  "product_id": "DevWorkspace Operator 0.33",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:devworkspace:0.33::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "DevWorkspace Operator"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:d42bb742b2ecbc5c8c90202c6231f161dee071b7d7c5ebf4732aa36c42064794_amd64",
                "product": {
                  "name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:d42bb742b2ecbc5c8c90202c6231f161dee071b7d7c5ebf4732aa36c42064794_amd64",
                  "product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:d42bb742b2ecbc5c8c90202c6231f161dee071b7d7c5ebf4732aa36c42064794_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3Ad42bb742b2ecbc5c8c90202c6231f161dee071b7d7c5ebf4732aa36c42064794?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=0.33-1744077845"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:ba95eb891941a5057fdba86090df7e84469e0afdf46745f98471456fb242bcfe_amd64",
                "product": {
                  "name": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:ba95eb891941a5057fdba86090df7e84469e0afdf46745f98471456fb242bcfe_amd64",
                  "product_id": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:ba95eb891941a5057fdba86090df7e84469e0afdf46745f98471456fb242bcfe_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devworkspace-operator-bundle@sha256%3Aba95eb891941a5057fdba86090df7e84469e0afdf46745f98471456fb242bcfe?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=0.33-1744081731"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:e74a7b34371e86a04a718c881664025f52b312d9a9cbd045214f869131b7cfbe_amd64",
                "product": {
                  "name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:e74a7b34371e86a04a718c881664025f52b312d9a9cbd045214f869131b7cfbe_amd64",
                  "product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:e74a7b34371e86a04a718c881664025f52b312d9a9cbd045214f869131b7cfbe_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3Ae74a7b34371e86a04a718c881664025f52b312d9a9cbd045214f869131b7cfbe?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=0.33-1744075017"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:114baaa70414618ba258fe6a67d3ea9d1f7dcc6f6dfb1230e64193d401ea4281_s390x",
                "product": {
                  "name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:114baaa70414618ba258fe6a67d3ea9d1f7dcc6f6dfb1230e64193d401ea4281_s390x",
                  "product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:114baaa70414618ba258fe6a67d3ea9d1f7dcc6f6dfb1230e64193d401ea4281_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3A114baaa70414618ba258fe6a67d3ea9d1f7dcc6f6dfb1230e64193d401ea4281?arch=s390x\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=0.33-1744077845"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:9cde560029ea98eb500a811c82e4d55318d686e01383c00e857b838a2db88919_s390x",
                "product": {
                  "name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:9cde560029ea98eb500a811c82e4d55318d686e01383c00e857b838a2db88919_s390x",
                  "product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:9cde560029ea98eb500a811c82e4d55318d686e01383c00e857b838a2db88919_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3A9cde560029ea98eb500a811c82e4d55318d686e01383c00e857b838a2db88919?arch=s390x\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=0.33-1744075017"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:1301ce1b524de3ea93612ea5565f301606ad50ba6b62c212b0ec73ee0fdc7e2c_ppc64le",
                "product": {
                  "name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:1301ce1b524de3ea93612ea5565f301606ad50ba6b62c212b0ec73ee0fdc7e2c_ppc64le",
                  "product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:1301ce1b524de3ea93612ea5565f301606ad50ba6b62c212b0ec73ee0fdc7e2c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3A1301ce1b524de3ea93612ea5565f301606ad50ba6b62c212b0ec73ee0fdc7e2c?arch=ppc64le\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=0.33-1744077845"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:937e1dff95d06b971adee9aeb55e0e2e963b6b14594f30354bb9cdb039c081dd_ppc64le",
                "product": {
                  "name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:937e1dff95d06b971adee9aeb55e0e2e963b6b14594f30354bb9cdb039c081dd_ppc64le",
                  "product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:937e1dff95d06b971adee9aeb55e0e2e963b6b14594f30354bb9cdb039c081dd_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3A937e1dff95d06b971adee9aeb55e0e2e963b6b14594f30354bb9cdb039c081dd?arch=ppc64le\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=0.33-1744075017"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:0298a18fc46d73a5623d9bcc794c88770b04d2ed2b426c278ff69df02f781f3a_arm64",
                "product": {
                  "name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:0298a18fc46d73a5623d9bcc794c88770b04d2ed2b426c278ff69df02f781f3a_arm64",
                  "product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:0298a18fc46d73a5623d9bcc794c88770b04d2ed2b426c278ff69df02f781f3a_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3A0298a18fc46d73a5623d9bcc794c88770b04d2ed2b426c278ff69df02f781f3a?arch=arm64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=0.33-1744077845"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:b41c498da32fde3fa636594ef93d2206ca1a3bc306e401eaae035dc18d30654a_arm64",
                "product": {
                  "name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:b41c498da32fde3fa636594ef93d2206ca1a3bc306e401eaae035dc18d30654a_arm64",
                  "product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:b41c498da32fde3fa636594ef93d2206ca1a3bc306e401eaae035dc18d30654a_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3Ab41c498da32fde3fa636594ef93d2206ca1a3bc306e401eaae035dc18d30654a?arch=arm64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=0.33-1744075017"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:ba95eb891941a5057fdba86090df7e84469e0afdf46745f98471456fb242bcfe_amd64 as a component of DevWorkspace Operator 0.33",
          "product_id": "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:ba95eb891941a5057fdba86090df7e84469e0afdf46745f98471456fb242bcfe_amd64"
        },
        "product_reference": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:ba95eb891941a5057fdba86090df7e84469e0afdf46745f98471456fb242bcfe_amd64",
        "relates_to_product_reference": "DevWorkspace Operator 0.33"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:937e1dff95d06b971adee9aeb55e0e2e963b6b14594f30354bb9cdb039c081dd_ppc64le as a component of DevWorkspace Operator 0.33",
          "product_id": "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:937e1dff95d06b971adee9aeb55e0e2e963b6b14594f30354bb9cdb039c081dd_ppc64le"
        },
        "product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:937e1dff95d06b971adee9aeb55e0e2e963b6b14594f30354bb9cdb039c081dd_ppc64le",
        "relates_to_product_reference": "DevWorkspace Operator 0.33"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:9cde560029ea98eb500a811c82e4d55318d686e01383c00e857b838a2db88919_s390x as a component of DevWorkspace Operator 0.33",
          "product_id": "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:9cde560029ea98eb500a811c82e4d55318d686e01383c00e857b838a2db88919_s390x"
        },
        "product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:9cde560029ea98eb500a811c82e4d55318d686e01383c00e857b838a2db88919_s390x",
        "relates_to_product_reference": "DevWorkspace Operator 0.33"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:b41c498da32fde3fa636594ef93d2206ca1a3bc306e401eaae035dc18d30654a_arm64 as a component of DevWorkspace Operator 0.33",
          "product_id": "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:b41c498da32fde3fa636594ef93d2206ca1a3bc306e401eaae035dc18d30654a_arm64"
        },
        "product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:b41c498da32fde3fa636594ef93d2206ca1a3bc306e401eaae035dc18d30654a_arm64",
        "relates_to_product_reference": "DevWorkspace Operator 0.33"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:e74a7b34371e86a04a718c881664025f52b312d9a9cbd045214f869131b7cfbe_amd64 as a component of DevWorkspace Operator 0.33",
          "product_id": "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:e74a7b34371e86a04a718c881664025f52b312d9a9cbd045214f869131b7cfbe_amd64"
        },
        "product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:e74a7b34371e86a04a718c881664025f52b312d9a9cbd045214f869131b7cfbe_amd64",
        "relates_to_product_reference": "DevWorkspace Operator 0.33"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:0298a18fc46d73a5623d9bcc794c88770b04d2ed2b426c278ff69df02f781f3a_arm64 as a component of DevWorkspace Operator 0.33",
          "product_id": "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:0298a18fc46d73a5623d9bcc794c88770b04d2ed2b426c278ff69df02f781f3a_arm64"
        },
        "product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:0298a18fc46d73a5623d9bcc794c88770b04d2ed2b426c278ff69df02f781f3a_arm64",
        "relates_to_product_reference": "DevWorkspace Operator 0.33"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:114baaa70414618ba258fe6a67d3ea9d1f7dcc6f6dfb1230e64193d401ea4281_s390x as a component of DevWorkspace Operator 0.33",
          "product_id": "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:114baaa70414618ba258fe6a67d3ea9d1f7dcc6f6dfb1230e64193d401ea4281_s390x"
        },
        "product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:114baaa70414618ba258fe6a67d3ea9d1f7dcc6f6dfb1230e64193d401ea4281_s390x",
        "relates_to_product_reference": "DevWorkspace Operator 0.33"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:1301ce1b524de3ea93612ea5565f301606ad50ba6b62c212b0ec73ee0fdc7e2c_ppc64le as a component of DevWorkspace Operator 0.33",
          "product_id": "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:1301ce1b524de3ea93612ea5565f301606ad50ba6b62c212b0ec73ee0fdc7e2c_ppc64le"
        },
        "product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:1301ce1b524de3ea93612ea5565f301606ad50ba6b62c212b0ec73ee0fdc7e2c_ppc64le",
        "relates_to_product_reference": "DevWorkspace Operator 0.33"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:d42bb742b2ecbc5c8c90202c6231f161dee071b7d7c5ebf4732aa36c42064794_amd64 as a component of DevWorkspace Operator 0.33",
          "product_id": "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:d42bb742b2ecbc5c8c90202c6231f161dee071b7d7c5ebf4732aa36c42064794_amd64"
        },
        "product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:d42bb742b2ecbc5c8c90202c6231f161dee071b7d7c5ebf4732aa36c42064794_amd64",
        "relates_to_product_reference": "DevWorkspace Operator 0.33"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Jann Horn"
          ],
          "organization": "Google Project Zero"
        },
        {
          "names": [
            "Tomas Korbar",
            "Sandipan Roy"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        },
        {
          "names": [
            "Sebastian Pipping"
          ],
          "organization": "libexpat"
        }
      ],
      "cve": "CVE-2024-8176",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2024-06-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:ba95eb891941a5057fdba86090df7e84469e0afdf46745f98471456fb242bcfe_amd64",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:0298a18fc46d73a5623d9bcc794c88770b04d2ed2b426c278ff69df02f781f3a_arm64",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:114baaa70414618ba258fe6a67d3ea9d1f7dcc6f6dfb1230e64193d401ea4281_s390x",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:1301ce1b524de3ea93612ea5565f301606ad50ba6b62c212b0ec73ee0fdc7e2c_ppc64le",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:d42bb742b2ecbc5c8c90202c6231f161dee071b7d7c5ebf4732aa36c42064794_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2310137"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "All supported Red Hat offerings are built with the compilation flag (-fstack-clash-protection) which reduces the impact to Moderate. This build configuration blocks the possibility of an attacker gaining arbitrary code execution even if a stack-clash vulnerability, like this one, could be exploited.\n\nThis vulnerability is rated Moderate because Red Hat builds use the `-fstack-clash-protection` compiler flag, which mitigates the risk of arbitrary code execution from stack overflows. While the flaw allows a crash via uncontrolled recursion in XML parsing, the hardened stack layout prevents reliable memory corruption, limiting the impact to a Denial of Service (DoS) scenario.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-674: Uncontrolled Recursion vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nInput validation controls ensure that inputs triggering recursion are validated to stay within safe limits, which reduces the risk of infinite or excessive recursion. The implementation of least functionality on the platform further restricts potential impacts of recursions by disabling unnecessary recursive functions or features, thus reducing the available pathways for a would-be attacker. The inclusion of developer testing and evaluation ensures that recursive functions are tested and that safeguards like error handling are in place. In the case of successful exploitation, detection and containment controls are in place to limit impacts by alerting on anomalous system behavior in real time, while process isolation can limit impacts to a single process.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:937e1dff95d06b971adee9aeb55e0e2e963b6b14594f30354bb9cdb039c081dd_ppc64le",
          "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:9cde560029ea98eb500a811c82e4d55318d686e01383c00e857b838a2db88919_s390x",
          "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:b41c498da32fde3fa636594ef93d2206ca1a3bc306e401eaae035dc18d30654a_arm64",
          "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:e74a7b34371e86a04a718c881664025f52b312d9a9cbd045214f869131b7cfbe_amd64"
        ],
        "known_not_affected": [
          "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:ba95eb891941a5057fdba86090df7e84469e0afdf46745f98471456fb242bcfe_amd64",
          "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:0298a18fc46d73a5623d9bcc794c88770b04d2ed2b426c278ff69df02f781f3a_arm64",
          "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:114baaa70414618ba258fe6a67d3ea9d1f7dcc6f6dfb1230e64193d401ea4281_s390x",
          "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:1301ce1b524de3ea93612ea5565f301606ad50ba6b62c212b0ec73ee0fdc7e2c_ppc64le",
          "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:d42bb742b2ecbc5c8c90202c6231f161dee071b7d7c5ebf4732aa36c42064794_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-8176"
        },
        {
          "category": "external",
          "summary": "RHBZ#2310137",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310137"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-8176",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8176",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8176"
        },
        {
          "category": "external",
          "summary": "https://github.com/libexpat/libexpat/issues/893",
          "url": "https://github.com/libexpat/libexpat/issues/893"
        }
      ],
      "release_date": "2025-03-13T13:51:54.957000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-04-09T05:01:50+00:00",
          "details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.14 or higher.",
          "product_ids": [
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:937e1dff95d06b971adee9aeb55e0e2e963b6b14594f30354bb9cdb039c081dd_ppc64le",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:9cde560029ea98eb500a811c82e4d55318d686e01383c00e857b838a2db88919_s390x",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:b41c498da32fde3fa636594ef93d2206ca1a3bc306e401eaae035dc18d30654a_arm64",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:e74a7b34371e86a04a718c881664025f52b312d9a9cbd045214f869131b7cfbe_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:3734"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:ba95eb891941a5057fdba86090df7e84469e0afdf46745f98471456fb242bcfe_amd64",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:937e1dff95d06b971adee9aeb55e0e2e963b6b14594f30354bb9cdb039c081dd_ppc64le",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:9cde560029ea98eb500a811c82e4d55318d686e01383c00e857b838a2db88919_s390x",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:b41c498da32fde3fa636594ef93d2206ca1a3bc306e401eaae035dc18d30654a_arm64",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:e74a7b34371e86a04a718c881664025f52b312d9a9cbd045214f869131b7cfbe_amd64",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:0298a18fc46d73a5623d9bcc794c88770b04d2ed2b426c278ff69df02f781f3a_arm64",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:114baaa70414618ba258fe6a67d3ea9d1f7dcc6f6dfb1230e64193d401ea4281_s390x",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:1301ce1b524de3ea93612ea5565f301606ad50ba6b62c212b0ec73ee0fdc7e2c_ppc64le",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:d42bb742b2ecbc5c8c90202c6231f161dee071b7d7c5ebf4732aa36c42064794_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:ba95eb891941a5057fdba86090df7e84469e0afdf46745f98471456fb242bcfe_amd64",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:937e1dff95d06b971adee9aeb55e0e2e963b6b14594f30354bb9cdb039c081dd_ppc64le",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:9cde560029ea98eb500a811c82e4d55318d686e01383c00e857b838a2db88919_s390x",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:b41c498da32fde3fa636594ef93d2206ca1a3bc306e401eaae035dc18d30654a_arm64",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:e74a7b34371e86a04a718c881664025f52b312d9a9cbd045214f869131b7cfbe_amd64",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:0298a18fc46d73a5623d9bcc794c88770b04d2ed2b426c278ff69df02f781f3a_arm64",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:114baaa70414618ba258fe6a67d3ea9d1f7dcc6f6dfb1230e64193d401ea4281_s390x",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:1301ce1b524de3ea93612ea5565f301606ad50ba6b62c212b0ec73ee0fdc7e2c_ppc64le",
            "DevWorkspace Operator 0.33:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:d42bb742b2ecbc5c8c90202c6231f161dee071b7d7c5ebf4732aa36c42064794_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat"
    }
  ]
}

CVE-2024-8176 (GCVE-0-2024-8176)

Vulnerability from cvelistv5

Published

2025-03-14 08:19

Modified

2025-08-14 15:28

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-674 - Uncontrolled Recursion

Summary

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:13681	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:3531	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:3734	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:3913	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4048	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4446	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4447	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4448	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4449	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:7444	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:7512	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8385	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-8176	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2310137	issue-tracking, x_refsource_REDHAT
	https://github.com/libexpat/libexpat/issues/893

Impacted products

Vendor

Product

Version

►

Version: 0 ≤

Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:2.7.1-1.el10_0 < * cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.2.5-17.el8_10 < * cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:1.51.0-11.el8_10 < * cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::crb
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:1.51.0-5.el8_2.2 < * cpe:/o:redhat:rhel_aus:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:1.51.0-5.el8_4.2 < * cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	Unaffected: 0:1.51.0-5.el8_4.2 < * cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	Unaffected: 0:1.51.0-5.el8_4.2 < * cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:1.51.0-6.el8_6.1 < * cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:1.51.0-6.el8_6.1 < * cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:1.51.0-6.el8_6.1 < * cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:1.51.0-8.el8_8.1 < * cpe:/o:redhat:rhel_eus:8.8::baseos cpe:/a:redhat:rhel_eus:8.8::crb
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.5.0-3.el9_5.3 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.5.0-5.el9_6 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.5.0-3.el9_5.3 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.5.0-5.el9_6 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat JBoss Core Services 2.4.62.SP1	cpe:/a:redhat:jboss_core_services:1
Red Hat	DevWorkspace Operator 0.33	Unaffected: sha256:b41c498da32fde3fa636594ef93d2206ca1a3bc306e401eaae035dc18d30654a < * cpe:/a:redhat:devworkspace:0.33::el9
Red Hat	Red Hat Discovery 1.14	Unaffected: sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63 < * cpe:/a:redhat:discovery:1.14::el9
Red Hat	Red Hat Discovery 1.14	Unaffected: sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644 < * cpe:/a:redhat:discovery:1.14::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Show details on NVD website