Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged
(browse all)
Permalink CVE-2025-49796
created 5 months ago
Libxml: type confusion leads to denial of service (dos)

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

Affected products

rhcos
  • *
libxml2
  • <2.15.0
  • *
discovery/discovery-server-rhel9
  • *
Red Hat JBoss Core Services 2.4.62.SP2
web-terminal/web-terminal-tooling-rhel9
  • *
cert-manager/jetstack-cert-manager-rhel9
  • *
web-terminal/web-terminal-rhel9-operator
  • *
openshift-serverless-1/logic-rhel8-operator
  • *
openshift-serverless-1/logic-operator-bundle
  • *
insights-proxy/insights-proxy-container-rhel9
  • *
openshift-serverless-1/logic-swf-builder-rhel8
  • *
openshift-serverless-1/logic-swf-devmode-rhel8
  • *
compliance/openshift-file-integrity-rhel8-operator
  • *
openshift-serverless-1/logic-db-migrator-tool-rhel8
  • *
registry.redhat.io/discovery/discovery-server-rhel9
  • *
openshift-serverless-1/logic-management-console-rhel8
  • *
openshift-serverless-1/logic-data-index-ephemeral-rhel8
  • *
openshift-serverless-1/logic-data-index-postgresql-rhel8
  • *
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8
  • *
openshift-serverless-1/logic-jobs-service-postgresql-rhel8
  • *
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8
  • *
registry.redhat.io/insights-proxy/insights-proxy-container-rhel9
  • *

Matching in nixpkgs

pkgs.libxml2

XML parsing library for C

  • nixos-unstable -

Package maintainers