CVE-2025-32415

Published: 17 Apr 2025
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.

Statement

To exploit this issue, an attacker must get a specially crafted XML file processed by an application linked to the libxml2 library. The only security impact of this vulnerability is a denial of service.

Mitigation

Do not process untrusted files with the libxml2 library.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libxml2 | Out of support scope | | |
| Red Hat Enterprise Linux 7 | libxml2 | Affected | | |
| Red Hat JBoss Core Services | libxml2 | Affected | | |
| Red Hat OpenShift Container Platform 4 | rhcos | Affected | | |
| Red Hat Enterprise Linux 10 | libxml2 | Fixed | RHSA-2025:13429 | 07.08.2025 |
| Red Hat Enterprise Linux 8 | libxml2 | Fixed | RHSA-2025:13203 | 06.08.2025 |
| Red Hat Enterprise Linux 9 | libxml2 | Fixed | RHSA-2025:13428 | 07.08.2025 |

Additional information

Status: Moderate
Defect: CWE-125
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2360768 (libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables)

EPSS: 0.00027 (Low), percentile: 6%

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 2.9
ubuntu
4 months ago

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

CVSS3: 2.9
nvd
4 months ago

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

CVSS3: 7.5
msrc
3 months ago

No description available

CVSS3: 2.9
debian
4 months ago

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNod ...

CVSS3: 7.5
redos
3 months ago

Vulnerability in python3-libxml2
