Untriaged
Libxml: heap use after free (UAF) leads to denial of service (DoS)
A use-after-free vulnerability was found in libxml2. The issue occurs when parsing XPath elements under certain circumstances, when the XML schematron contains <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document that, when used as input for libxml, crashes the program using libxml or causes other possible undefined behavior.
Affected products
rhcos
- *
libxml2
- <2.15.0
- *
Red Hat JBoss Core Services 2.4.62.SP2
web-terminal/web-terminal-tooling-rhel9
- *
cert-manager/jetstack-cert-manager-rhel9
- *
web-terminal/web-terminal-rhel9-operator
- *
openshift-serverless-1/logic-rhel8-operator
- *
openshift-serverless-1/logic-operator-bundle
- *
insights-proxy/insights-proxy-container-rhel9
- *
openshift-serverless-1/logic-swf-builder-rhel8
- *
openshift-serverless-1/logic-swf-devmode-rhel8
- *
compliance/openshift-file-integrity-rhel8-operator
- *
openshift-serverless-1/logic-db-migrator-tool-rhel8
- *
openshift-serverless-1/logic-management-console-rhel8
- *
openshift-serverless-1/logic-data-index-ephemeral-rhel8
- *
openshift-serverless-1/logic-data-index-postgresql-rhel8
- *
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8
- *
openshift-serverless-1/logic-jobs-service-postgresql-rhel8
- *
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8
- *
registry.redhat.io/insights-proxy/insights-proxy-container-rhel9
- *
Matching in nixpkgs
pkgs.libxml2_13
XML parsing library for C
-
nixos-unstable -
- nixpkgs-unstable 2.13.8
pkgs.libxml2Python
None
-
nixos-unstable -
- nixpkgs-unstable 2.14.5
pkgs.sbclPackages.cl-libxml2
None
-
nixos-unstable -
- nixpkgs-unstable libxml2-20130615-git
pkgs.python312Packages.libxml2
XML parsing library for C
-
nixos-unstable -
- nixpkgs-unstable 2.14.5
pkgs.python313Packages.libxml2
XML parsing library for C
-
nixos-unstable -
- nixpkgs-unstable 2.14.5
pkgs.tests.pkg-config.defaultPkgConfigPackages."libxml-2.0"
Test whether libxml2-2.14.5 exposes pkg-config modules libxml-2.0
-
nixos-unstable -
- nixpkgs-unstable libxml2
Package maintainers
- @jtojnar Jan Tojnar <jtojnar@gmail.com>
- @gepbird Gutyina Gergő <gutyina.gergo.2@gmail.com>
- @7c6f434c Michael Raskin <7c6f434c@mail.ru>
- @Uthar Kasper Gałkowski <galkowskikasper@gmail.com>
- @nagy Daniel Nagy <danielnagy@posteo.de>
- @hraban Hraban Luyat <hraban@0brg.net>
- @lukego Luke Gorrie <luke@snabb.co>