Описание
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.
Отчет
This vulnerability is rated as important because it involves a stack-based buffer overflow in the xmlSnprintfElements function within valid.c. Exploiting this issue requires DTD validation to occur on an untrusted document or untrusted DTD, making it a potential security risk for applications using libxml2 that do not adequately restrict DTD input.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libxml2 | Affected | ||
| Red Hat Enterprise Linux 6 | libxml2 | Out of support scope | ||
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | libxml2 | Fixed | RHSA-2025:2673 | 12.03.2025 |
| Red Hat Enterprise Linux 8 | libxml2 | Fixed | RHSA-2025:2686 | 12.03.2025 |
| Red Hat Enterprise Linux 8 | libxml2 | Fixed | RHSA-2025:2686 | 12.03.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | libxml2 | Fixed | RHSA-2025:2654 | 11.03.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | libxml2 | Fixed | RHSA-2025:2660 | 11.03.2025 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | libxml2 | Fixed | RHSA-2025:2660 | 11.03.2025 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | libxml2 | Fixed | RHSA-2025:2660 | 11.03.2025 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | libxml2 | Fixed | RHSA-2025:2513 | 10.03.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buff ...
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
EPSS
7.8 High
CVSS3