CVE-2025-49796
🟠 Patch this week
A flaw in libxml2 allows an attacker to craft a malicious XML file, leading to a crash and denial of service.
CVSS: 9.1
EPSS: 1.8%
Exploit: none
Vendor
Source description (NVD)
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
dos
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.1 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (probability of exploitation) | 1.8% |
| Published (NVD) | 2025-06-16 16:15:19 UTC |
| Last modified (NVD) | 2026-04-19 20:16:21 UTC |
References
- https://access.redhat.com/errata/RHSA-2025:10630 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:10698 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:10699 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:11580 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:12098 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:12099 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:12199 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:12237 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:12239 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:12240 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:12241 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:13267 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:13335 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:15397 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:15827 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:15828 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:18217 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:18218 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:18219 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:18240 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:19020 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:19041 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:19046 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:19894 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:21913 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2026:0934 (secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2026:7519 (secalert@redhat.com)
- https://access.redhat.com/security/cve/CVE-2025-49796 (secalert@redhat.com)
- https://bugzilla.redhat.com/show_bug.cgi?id=2372385 (secalert@redhat.com)
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/933 (secalert@redhat.com)
- https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html (af854a3a-2127-422b-91ae-364da2661108)