Description
A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.
Statement
This vulnerability is rated Low for Red Hat products. The flaw in libxml2's RelaxNG include handling requires attacker-controlled schema input to trigger unbounded recursion, leading to a denial of service. Exploitation is limited to scenarios where applications process untrusted RelaxNG schema files.
Mitigation
To mitigate this issue, restrict applications using libxml2 from processing untrusted RelaxNG schema files. Implement strict input validation and sanitization for all RelaxNG schema inputs to prevent the parsing of maliciously crafted, deeply nested include directives.
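The mitigation above amounts to a pre-parse guard: before an untrusted RelaxNG schema reaches libxml2, walk its include graph with an explicit depth limit and cycle check, and refuse to hand it over if either is violated. The following is an added example of such a guard, not code from the advisory or from libxml2; it uses only the Python standard library. The loader callable, the `MAX_INCLUDE_DEPTH` policy value, the constructed sample schemas and all function names are assumptions for illustration.

```python
"""Pre-parse guard for RelaxNG <include> / <externalRef> nesting (added example).

Assumptions (not from the advisory): schemas are supplied as strings by a
caller-provided loader callable keyed by href; MAX_INCLUDE_DEPTH is a local
policy value, not a libxml2 setting. Real deployments resolve hrefs relative
to the including document's base URI; the loader abstracts that away here.
"""
import xml.etree.ElementTree as ET
from typing import Callable, Dict

RNG_NS = "http://relaxng.org/ns/structure/1.0"
INCLUDE_TAG = f"{{{RNG_NS}}}include"
EXTERNAL_REF_TAG = f"{{{RNG_NS}}}externalRef"
MAX_INCLUDE_DEPTH = 8  # assumed local policy; tune to the deepest legitimate schema set


class IncludeDepthExceeded(ValueError):
    """Raised when nesting of include/externalRef goes past the policy limit."""


class IncludeCycle(ValueError):
    """Raised when a schema (transitively) includes itself."""


def check_include_depth(root_href: str, load: Callable[[str], str],
                        max_depth: int = MAX_INCLUDE_DEPTH) -> int:
    """Walk the include graph starting at root_href and return the deepest
    nesting level found. Raises IncludeDepthExceeded or IncludeCycle.

    The walk uses an explicit stack rather than recursion, so the guard itself
    cannot be driven into stack exhaustion by the input it is checking.
    """
    deepest = 0
    stack = [(root_href, 0, ())]  # (href, depth, tuple of ancestor hrefs)
    while stack:
        href, depth, path = stack.pop()
        if href in path:
            raise IncludeCycle(" -> ".join(path + (href,)))
        if depth > max_depth:
            raise IncludeDepthExceeded(
                f"{href!r} at depth {depth} exceeds limit {max_depth}")
        deepest = max(deepest, depth)
        root = ET.fromstring(load(href))
        for el in root.iter():
            if el.tag in (INCLUDE_TAG, EXTERNAL_REF_TAG):
                child = el.get("href")
                if not child:
                    raise ValueError(f"{href!r}: include/externalRef without href")
                stack.append((child, depth + 1, path + (href,)))
    return deepest


def schema_include_status(href: str, load: Callable[[str], str],
                          max_depth: int = MAX_INCLUDE_DEPTH) -> str:
    """Convenience wrapper: 'ok', 'too-deep' or 'cycle'. Only 'ok' schemas
    should be passed on to libxml2."""
    try:
        check_include_depth(href, load, max_depth)
    except IncludeCycle:
        return "cycle"
    except IncludeDepthExceeded:
        return "too-deep"
    return "ok"


# Constructed sample schemas (assumption: tiny in-memory stand-ins for files).
SAMPLE_SCHEMAS: Dict[str, str] = {
    "root.rng": (f'<grammar xmlns="{RNG_NS}"><include href="level1.rng"/>'
                 '<start><ref name="doc"/></start></grammar>'),
    "level1.rng": f'<grammar xmlns="{RNG_NS}"><include href="level2.rng"/></grammar>',
    "level2.rng": (f'<grammar xmlns="{RNG_NS}"><define name="doc">'
                   '<element name="doc"><text/></element></define></grammar>'),
    # Two schemas that include each other: a cycle the guard must reject.
    "loop-a.rng": f'<grammar xmlns="{RNG_NS}"><include href="loop-b.rng"/></grammar>',
    "loop-b.rng": f'<grammar xmlns="{RNG_NS}"><include href="loop-a.rng"/></grammar>',
}


def sample_loader(href: str) -> str:
    """Loader over the constructed samples; a real loader would read files or
    fetch URIs subject to the application's own allow-list."""
    return SAMPLE_SCHEMAS[href]


if __name__ == "__main__":
    for name in ("root.rng", "loop-a.rng"):
        print(name, "->", schema_include_status(name, sample_loader))
    print("root.rng with limit 1 ->",
          schema_include_status("root.rng", sample_loader, max_depth=1))
```

The guard is itself an XML parse of untrusted input, so it should run under the same input-size and entity-expansion limits the application applies elsewhere; its job is only to decide whether the schema is handed to libxml2 at all, which is the restriction the mitigation describes.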
Affected Packages
| Platform | Package | State | Errata | Release Date |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libxml2 | Fix deferred | | |
| Red Hat Enterprise Linux 6 | libxml2 | Fix deferred | | |
| Red Hat Enterprise Linux 7 | libxml2 | Fix deferred | | |
| Red Hat Enterprise Linux 8 | libxml2 | Fix deferred | | |
| Red Hat Enterprise Linux 9 | libxml2 | Fix deferred | | |
| Red Hat JBoss Core Services | libxml2 | Fix deferred | | |
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred | | |
Additional Information
EPSS: 3.7 Low
CVSS3:
Related Vulnerabilities
Libxml2: unbounded relaxng include recursion leading to stack overflow