Описание
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
A flaw was found in libxml2 where improper handling of memory allocation failures in libxml2 can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.
Отчет
This vulnerability marked as moderate instead of important because memory allocation failures are not typically controllable by an attacker, limiting their exploitability. While improper handling of malloc failures can lead to crashes, memory leaks, or inconsistent states, it does not directly result in privilege escalation or arbitrary code execution. Additionally, in most real-world scenarios, failures due to memory exhaustion occur under extreme system stress rather than as part of an intentional attack vector.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libxml2 | Not affected | ||
| Red Hat Enterprise Linux 6 | libxml2 | Will not fix | ||
| Red Hat Enterprise Linux 7 | libxml2 | Will not fix | ||
| Red Hat JBoss Core Services | libxml2 | Affected | ||
| Discovery 1 for RHEL 9 | discovery/discovery-server-rhel9 | Fixed | RHSA-2025:1487 | 13.02.2025 |
| Discovery 1 for RHEL 9 | discovery/discovery-ui-rhel9 | Fixed | RHSA-2025:1487 | 13.02.2025 |
| Red Hat Enterprise Linux 8 | libxml2 | Fixed | RHSA-2025:1517 | 17.02.2025 |
| Red Hat Enterprise Linux 8 | libxml2 | Fixed | RHSA-2025:1517 | 17.02.2025 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | libxml2 | Fixed | RHSA-2025:2507 | 10.03.2025 |
| Red Hat Enterprise Linux 9 | libxml2 | Fixed | RHSA-2025:1350 | 12.02.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
Связанные уязвимости
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-af ...
EPSS
5.9 Medium
CVSS3