VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-xbh1-6d4r-cbfa

Essentials
Severities (102)
References (51)
Severity details (30)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-xbh1-6d4r-cbfa
Aliases	CVE-2024-8176
Summary	libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-674

Uncontrolled Recursion

System	Score	Found at
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:3531
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:3531
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:3734
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:3734
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:3913
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:3913
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:4048
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:4048
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:4446
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:4446
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:4447
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:4447
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:4448
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:4448
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:4449
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:4449
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:7444
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:7444
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:7512
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:7512
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:8385
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:8385
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8176.json
cvssv3.1	7.5	https://access.redhat.com/security/cve/CVE-2024-8176
ssvc	Track	https://access.redhat.com/security/cve/CVE-2024-8176
epss	0.0025	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00343	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00343	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00343	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00343	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00343	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00343	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00343	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00343	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00343	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00343	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00343	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00343	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00343	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00343	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00343	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00343	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00358	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00358	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00358	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00358	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00358	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00358	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00358	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00358	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00358	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00358	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00358	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00358	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00358	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00358	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00358	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00399	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00399	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00399	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00399	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00399	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00636	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00636	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00636	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00636	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00636	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00636	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.0065	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00693	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00693	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00693	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00737	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00737	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00737	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00737	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00737	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
epss	0.00737	https://api.first.org/data/v1/epss?cve=CVE-2024-8176
cvssv3.1	7.5	https://bugzilla.redhat.com/show_bug.cgi?id=2310137
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2310137
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://github.com/libexpat/libexpat/issues/893
ssvc	Track	https://github.com/libexpat/libexpat/issues/893

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8176.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-8176
		https://blog.hartwork.org/posts/expat-2-7-0-released/
		https://bugzilla.suse.com/show_bug.cgi?id=1239618
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8176
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/libexpat/libexpat/blob/R_2_7_0/expat/Changes#L40-L52
		https://gitlab.alpinelinux.org/alpine/aports/-/commit/d068c3ff36fc6f4789988a09c69b434db757db53
		https://security.netapp.com/advisory/ntap-20250328-0009/
		https://security-tracker.debian.org/tracker/CVE-2024-8176
		https://ubuntu.com/security/CVE-2024-8176
		https://www.kb.cert.org/vuls/id/760160
		http://www.openwall.com/lists/oss-security/2025/03/15/1
2310137		https://bugzilla.redhat.com/show_bug.cgi?id=2310137
893		https://github.com/libexpat/libexpat/issues/893
cpe:/a:redhat:devworkspace:0.33::el9		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:devworkspace:0.33::el9
cpe:/a:redhat:discovery:1.14::el9		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9
cpe:/a:redhat:enterprise_linux:8::crb		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb
cpe:/a:redhat:enterprise_linux:9::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:jboss_core_services:1		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1
cpe:/a:redhat:openshift:4		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
cpe:/a:redhat:rhel_eus:8.8::crb		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::crb
cpe:/o:redhat:enterprise_linux:10.0		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0
cpe:/o:redhat:enterprise_linux:6		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:8::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:enterprise_linux:9		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
cpe:/o:redhat:rhel_aus:8.2::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos
cpe:/o:redhat:rhel_aus:8.4::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_aus:8.6::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.4::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.4::baseos
cpe:/o:redhat:rhel_e4s:8.6::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos
cpe:/o:redhat:rhel_eus:8.8::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos
cpe:/o:redhat:rhel_tus:8.4::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.4::baseos
cpe:/o:redhat:rhel_tus:8.6::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos
CVE-2024-8176		https://access.redhat.com/security/cve/CVE-2024-8176
CVE-2024-8176		https://nvd.nist.gov/vuln/detail/CVE-2024-8176
RHSA-2025:3531		https://access.redhat.com/errata/RHSA-2025:3531
RHSA-2025:3734		https://access.redhat.com/errata/RHSA-2025:3734
RHSA-2025:3913		https://access.redhat.com/errata/RHSA-2025:3913
RHSA-2025:4048		https://access.redhat.com/errata/RHSA-2025:4048
RHSA-2025:4446		https://access.redhat.com/errata/RHSA-2025:4446
RHSA-2025:4447		https://access.redhat.com/errata/RHSA-2025:4447
RHSA-2025:4448		https://access.redhat.com/errata/RHSA-2025:4448
RHSA-2025:4449		https://access.redhat.com/errata/RHSA-2025:4449
RHSA-2025:7444		https://access.redhat.com/errata/RHSA-2025:7444
RHSA-2025:7512		https://access.redhat.com/errata/RHSA-2025:7512
RHSA-2025:8385		https://access.redhat.com/errata/RHSA-2025:8385
USN-7424-1		https://usn.ubuntu.com/7424-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:3531

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/ Found at https://access.redhat.com/errata/RHSA-2025:3531

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:3734

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/ Found at https://access.redhat.com/errata/RHSA-2025:3734

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:3913

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/ Found at https://access.redhat.com/errata/RHSA-2025:3913

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:4048

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/ Found at https://access.redhat.com/errata/RHSA-2025:4048

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:4446

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/ Found at https://access.redhat.com/errata/RHSA-2025:4446

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:4447

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/ Found at https://access.redhat.com/errata/RHSA-2025:4447

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:4448

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/ Found at https://access.redhat.com/errata/RHSA-2025:4448

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:4449

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/ Found at https://access.redhat.com/errata/RHSA-2025:4449

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:7444

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/ Found at https://access.redhat.com/errata/RHSA-2025:7444

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:7512

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/ Found at https://access.redhat.com/errata/RHSA-2025:7512

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:8385

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/ Found at https://access.redhat.com/errata/RHSA-2025:8385

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8176.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2024-8176

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/ Found at https://access.redhat.com/security/cve/CVE-2024-8176

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2310137

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2310137

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/libexpat/libexpat/issues/893

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/ Found at https://github.com/libexpat/libexpat/issues/893

Exploit Prediction Scoring System (EPSS)

Percentile	0.48292
EPSS Score	0.0025
Published At	April 15, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-03-28T05:41:55.582362+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8176.json	36.0.0