9.1

CVE-2025-49796

Libxml: type confusion leads to denial of service (dos)

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerSiemens
Produkt RUGGEDCOM ROX MX5000
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX MX5000RE
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1400
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1500
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1501
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1510
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1511
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1512
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1524
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1536
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX5000
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM RST2428P
Default Statusunknown
Version 0
Version < V4.0
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.44% 0.697
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/security/cve/CVE-2025-49796
https://bugzilla.redhat.com/show_bug.cgi?id=2372385
https://access.redhat.com/errata/RHSA-2025:10630
https://access.redhat.com/errata/RHSA-2025:10698
https://access.redhat.com/errata/RHSA-2025:10699
https://access.redhat.com/errata/RHSA-2025:11580
https://access.redhat.com/errata/RHSA-2025:12098
https://access.redhat.com/errata/RHSA-2025:12099
https://access.redhat.com/errata/RHSA-2025:12199
https://access.redhat.com/errata/RHSA-2025:12239
https://access.redhat.com/errata/RHSA-2025:12240
https://access.redhat.com/errata/RHSA-2025:12241
https://access.redhat.com/errata/RHSA-2025:12237
https://access.redhat.com/errata/RHSA-2025:13267
https://access.redhat.com/errata/RHSA-2025:13335
https://access.redhat.com/errata/RHSA-2025:15828
https://access.redhat.com/errata/RHSA-2025:15827
https://access.redhat.com/errata/RHSA-2025:18219
https://access.redhat.com/errata/RHSA-2025:15397
https://access.redhat.com/errata/RHSA-2025:18218
https://access.redhat.com/errata/RHSA-2025:18217
https://access.redhat.com/errata/RHSA-2025:18240
https://access.redhat.com/errata/RHSA-2025:19020
https://access.redhat.com/errata/RHSA-2025:19046
https://access.redhat.com/errata/RHSA-2025:19041
https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html
https://access.redhat.com/errata/RHSA-2025:19894
https://access.redhat.com/errata/RHSA-2025:21913
https://access.redhat.com/errata/RHSA-2026:0934
https://gitlab.gnome.org/GNOME/libxml2/-/issues/933
https://access.redhat.com/errata/RHSA-2026:7519
https://cert-portal.siemens.com/productcert/html/ssa-577017.html
https://cert-portal.siemens.com/productcert/html/ssa-253495.html