Untriaged
Permalink
CVE-2026-1757
6.2 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
by @jopejoe1 Activity log
- Created automatic suggestion
- @jopejoe1 removed package sbclPackages.cl-libxml2
- @jopejoe1 removed package perlPackages.AlienLibxml2
- @jopejoe1 removed package perl538Packages.AlienLibxml2
- @jopejoe1 removed package perl540Packages.AlienLibxml2
- @jopejoe1 removed package tests.pkg-config.defaultPkgConfigPackages."libxml-2.0"
Libxml2: memory leak leading to local denial of service in xmllint interactive shell
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.
References
Affected products
rhcos
libxml2
Matching in nixpkgs
pkgs.libxml2
XML parsing library for C
pkgs.libxml2_13
XML parsing library for C
pkgs.libxml2Python
None
pkgs.python312Packages.libxml2
XML parsing library for C
-
nixos-unstable 2.15.1
pkgs.python313Packages.libxml2
XML parsing library for C
pkgs.python314Packages.libxml2
XML parsing library for C
Package maintainers
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@gepbird Gutyina Gergő <gutyina.gergo.2@gmail.com>