Untriaged
by @jopejoe1 Activity log
- Created automatic suggestion
-
@jopejoe1
removed
5 packages
- sbclPackages.cl-libxml2
- perlPackages.AlienLibxml2
- perl538Packages.AlienLibxml2
- perl540Packages.AlienLibxml2
- tests.pkg-config.defaultPkgConfigPackages."libxml-2.0"
Libxml2: memory leak leading to local denial of service in xmllint interactive shell
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.
Affected products
rhcos
libxml2
Matching in nixpkgs
pkgs.libxml2
XML parsing library for C
pkgs.libxml2_13
XML parsing library for C
pkgs.libxml2Python
None
pkgs.python312Packages.libxml2
XML parsing library for C
-
nixos-unstable 2.15.1
pkgs.python313Packages.libxml2
XML parsing library for C
pkgs.python314Packages.libxml2
XML parsing library for C
Package maintainers
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@gepbird Gutyina Gergő <gutyina.gergo.2@gmail.com>