Описание
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
Отчет
The Red Hat Product Security team has evaluated this vulnerability as having an Important security impact, as libxml can be used to parse XML from the network depending on how the program consumes it using the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).
Меры по смягчению последствий
There's no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libxml2 | Out of support scope | ||
| Red Hat JBoss Core Services | libxml2 | Affected | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Affected | ||
| Red Hat Enterprise Linux 10 | libxml2 | Fixed | RHSA-2025:10630 | 08.07.2025 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | libxml2 | Fixed | RHSA-2025:12240 | 30.07.2025 |
| Red Hat Enterprise Linux 8 | libxml2 | Fixed | RHSA-2025:10698 | 09.07.2025 |
| Red Hat Enterprise Linux 8 | libxml2 | Fixed | RHSA-2025:10698 | 09.07.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | libxml2 | Fixed | RHSA-2025:12237 | 30.07.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | libxml2 | Fixed | RHSA-2025:12241 | 30.07.2025 |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | libxml2 | Fixed | RHSA-2025:12241 | 30.07.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
9.1 Critical
CVSS3
Связанные уязвимости
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
A vulnerability was found in libxml2. Processing certain sch:name elem ...
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
EPSS
9.1 Critical
CVSS3