Untriaged
Permalink
CVE-2025-6170
2.5 LOW
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): LOW
Libxml2: stack buffer overflow in xmllint interactive shell command handling
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.
References
Affected products
rhcos
libxml2
- <2.14.5
Matching in nixpkgs
pkgs.libxml2_13
XML parsing library for C
-
nixos-unstable -
- nixpkgs-unstable 2.13.8
pkgs.libxml2Python
None
-
nixos-unstable -
- nixpkgs-unstable 2.14.5
pkgs.sbclPackages.cl-libxml2
None
-
nixos-unstable -
- nixpkgs-unstable libxml2-20130615-git
pkgs.python312Packages.libxml2
XML parsing library for C
-
nixos-unstable -
- nixpkgs-unstable 2.14.5
pkgs.python313Packages.libxml2
XML parsing library for C
-
nixos-unstable -
- nixpkgs-unstable 2.14.5
pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libxml-2.0%22
Test whether libxml2-2.14.5 exposes pkg-config modules libxml-2.0
-
nixos-unstable -
- nixpkgs-unstable libxml2
Package maintainers
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@gepbird Gutyina Gergő <gutyina.gergo.2@gmail.com>
-
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
-
@Uthar Kasper Gałkowski <galkowskikasper@gmail.com>
-
@nagy Daniel Nagy <danielnagy@posteo.de>
-
@hraban Hraban Luyat <hraban@0brg.net>
-
@lukego Luke Gorrie <luke@snabb.co>