9.1
CVE-2025-49796
- EPSS 1.44%
- Veröffentlicht 16.06.2025 15:14:28
- Zuletzt bearbeitet 29.06.2026 21:16:37
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Libxml: type confusion leads to denial of service (dos)
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX MX5000
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX MX5000RE
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1400
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1500
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1501
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1510
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1511
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1512
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1524
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1536
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX5000
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM RST2428P
Default Statusunknown
Version
0
Version <
V4.0
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.44% | 0.697 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://access.redhat.com/security/cve/CVE-2025-49796
https://bugzilla.redhat.com/show_bug.cgi?id=2372385
https://access.redhat.com/errata/RHSA-2025:10630
https://access.redhat.com/errata/RHSA-2025:10698
https://access.redhat.com/errata/RHSA-2025:10699
https://access.redhat.com/errata/RHSA-2025:11580
https://access.redhat.com/errata/RHSA-2025:12098
https://access.redhat.com/errata/RHSA-2025:12099
https://access.redhat.com/errata/RHSA-2025:12199
https://access.redhat.com/errata/RHSA-2025:12239
https://access.redhat.com/errata/RHSA-2025:12240
https://access.redhat.com/errata/RHSA-2025:12241
https://access.redhat.com/errata/RHSA-2025:12237
https://access.redhat.com/errata/RHSA-2025:13267
https://access.redhat.com/errata/RHSA-2025:13335
https://access.redhat.com/errata/RHSA-2025:15828
https://access.redhat.com/errata/RHSA-2025:15827
https://access.redhat.com/errata/RHSA-2025:18219
https://access.redhat.com/errata/RHSA-2025:15397
https://access.redhat.com/errata/RHSA-2025:18218
https://access.redhat.com/errata/RHSA-2025:18217
https://access.redhat.com/errata/RHSA-2025:18240
https://access.redhat.com/errata/RHSA-2025:19020
https://access.redhat.com/errata/RHSA-2025:19046
https://access.redhat.com/errata/RHSA-2025:19041
https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html
https://access.redhat.com/errata/RHSA-2025:19894
https://access.redhat.com/errata/RHSA-2025:21913
https://access.redhat.com/errata/RHSA-2026:0934
https://gitlab.gnome.org/GNOME/libxml2/-/issues/933
https://access.redhat.com/errata/RHSA-2026:7519
https://cert-portal.siemens.com/productcert/html/ssa-577017.html
https://cert-portal.siemens.com/productcert/html/ssa-253495.html