Description
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.
Statement
This vulnerability is rated as important because it involves a use-after-free flaw in the xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables functions. A maliciously crafted XML document or schema, containing specific identity constraints, can be used to trigger this vulnerability and potentially gain unauthorized access or cause a denial-of-service condition.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | libxml2 | Affected | ||
Red Hat Enterprise Linux 6 | libxml2 | Out of support scope | ||
Red Hat Enterprise Linux 7 Extended Lifecycle Support | libxml2 | Fixed | RHSA-2025:2673 | 12.03.2025 |
Red Hat Enterprise Linux 8 | libxml2 | Fixed | RHSA-2025:2686 | 12.03.2025 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | libxml2 | Fixed | RHSA-2025:2654 | 11.03.2025 |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | libxml2 | Fixed | RHSA-2025:2660 | 11.03.2025 |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | libxml2 | Fixed | RHSA-2025:2660 | 11.03.2025 |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | libxml2 | Fixed | RHSA-2025:2660 | 11.03.2025 |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | libxml2 | Fixed | RHSA-2025:2513 | 10.03.2025 |
Additional information
Status:
EPSS
CVSS3: 8.1 High