Untriaged
Permalink
CVE-2025-6021
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
References
Affected products
rhcos
- *
libxml2
- *
- <2.14.4
discovery/discovery-server-rhel9
- *
Red Hat JBoss Core Services 2.4.62.SP2
insights-proxy/insights-proxy-container-rhel9
- *
registry.redhat.io/discovery/discovery-server-rhel9
- *
registry.redhat.io/insights-proxy/insights-proxy-container-rhel9
- *
Matching in nixpkgs
pkgs.libxml2_13
XML parsing library for C
-
nixos-unstable -
- nixpkgs-unstable 2.13.8
pkgs.libxml2Python
None
-
nixos-unstable -
- nixpkgs-unstable 2.14.5
pkgs.sbclPackages.cl-libxml2
None
-
nixos-unstable -
- nixpkgs-unstable libxml2-20130615-git
pkgs.python312Packages.libxml2
XML parsing library for C
-
nixos-unstable -
- nixpkgs-unstable 2.14.5
pkgs.python313Packages.libxml2
XML parsing library for C
-
nixos-unstable -
- nixpkgs-unstable 2.14.5
pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libxml-2.0%22
Test whether libxml2-2.14.5 exposes pkg-config modules libxml-2.0
-
nixos-unstable -
- nixpkgs-unstable libxml2
Package maintainers
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@gepbird Gutyina Gergő <gutyina.gergo.2@gmail.com>
-
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
-
@Uthar Kasper Gałkowski <galkowskikasper@gmail.com>
-
@nagy Daniel Nagy <danielnagy@posteo.de>
-
@hraban Hraban Luyat <hraban@0brg.net>
-
@lukego Luke Gorrie <luke@snabb.co>