CVE-2025-32414

Опубликовано: 08 апр. 2025

Источник: redhat

CVSS3: 5.6

Описание

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access via incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw, due to a mismatch between bytes and characters.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 10	libxml2	Fix deferred
Red Hat Enterprise Linux 6	libxml2	Fix deferred
Red Hat Enterprise Linux 7	libxml2	Fix deferred
Red Hat Enterprise Linux 9	libxml2	Affected
Red Hat JBoss Core Services	libxml2	Fix deferred
Red Hat OpenShift Container Platform 4	rhcos	Fix deferred
Red Hat Enterprise Linux 8	libxml2	Fixed	RHSA-2025:8958	11.06.2025
Red Hat Enterprise Linux 8	libxml2	Fixed	RHSA-2025:8958	11.06.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-393

https://bugzilla.redhat.com/show_bug.cgi?id=2358121libxml2: Out-of-Bounds Read in libxml2

5.6 Medium

CVSS3

Связанные уязвимости

CVE-2025-32414

CVSS3: 5.6

ubuntu

2 месяца назад

CVE-2025-32414

CVSS3: 5.6

nvd

2 месяца назад

CVE-2025-32414

CVSS3: 7.5

msrc

23 дня назад

Описание отсутствует

CVE-2025-32414

CVSS3: 5.6

debian

2 месяца назад

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memor ...

ROS-20250424-34

CVSS3: 7.5

redos

около 2 месяцев назад

Уязвимость python2-libxml2

5.6 Medium

CVSS3