CVE-2025-49796

EPSS 0.4%
Veröffentlicht 16.06.2025 15:14:28
Zuletzt bearbeitet 20.03.2026 20:16:46
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 33

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://gitlab.gnome.org/GNOME/libxml2/

≫

Paket libxml2

Default Statusunaffected

Version < 2.15.0

Version 0

Status affected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 10

Default Statusaffected

Version < *

Version 0:2.12.5-7.el10_0

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 7 Extended Lifecycle Support

Default Statusaffected

Version < *

Version 0:2.9.1-6.el7_9.10

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:2.9.7-21.el8_10.1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:2.9.7-21.el8_10.1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.2 Advanced Update Support

Default Statusaffected

Version < *

Version 0:2.9.7-9.el8_2.3

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Default Statusaffected

Version < *

Version 0:2.9.7-9.el8_4.6

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Default Statusaffected

Version < *

Version 0:2.9.7-9.el8_4.6

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

Default Statusaffected

Version < *

Version 0:2.9.7-13.el8_6.10

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Default Statusaffected

Version < *

Version 0:2.9.7-13.el8_6.10

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:2.9.7-13.el8_6.10

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Default Statusaffected

Version < *

Version 0:2.9.7-16.el8_8.9

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:2.9.7-16.el8_8.9

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:2.9.13-10.el9_6

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:2.9.13-10.el9_6

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:2.9.13-1.el9_0.5

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:2.9.13-3.el9_2.7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.4 Extended Update Support

Default Statusaffected

Version < *

Version 0:2.9.13-10.el9_4

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Core Services 2.4.62.SP2

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift Container Platform 4.12

Default Statusaffected

Version < *

Version 412.86.202510291903-0

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift Container Platform 4.13

Default Statusaffected

Version < *

Version 413.92.202510150118-0

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift Container Platform 4.14

Default Statusaffected

Version < *

Version 414.92.202510211419-0

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift Container Platform 4.17

Default Statusaffected

Version < *

Version 417.94.202510112152-0

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift Container Platform 4.18

Default Statusaffected

Version < *

Version 418.94.202510230424-0

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift Container Platform 4.19

Default Statusaffected

Version < *

Version 4.19.9.6.202510140714-0

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift Container Platform 4.20

Default Statusaffected

Version < *

Version 4.20.9.6.202509251656-0

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Web Terminal 1.11 on RHEL 9

Default Statusaffected

Version < *

Version 1.11-19

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Web Terminal 1.11 on RHEL 9

Default Statusaffected

Version < *

Version 1.11-8

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Web Terminal 1.12 on RHEL 9

Default Statusaffected

Version < *

Version 1.12-4

Status unaffected

HerstellerRed Hat

≫

Produkt RHOSS-1.36-RHEL-8

Default Statusaffected

Version < *

Version 1.36.0-11

Status unaffected

HerstellerRed Hat

≫

Produkt RHOSS-1.36-RHEL-8

Default Statusaffected

Version < *

Version 1.36.0-11

Status unaffected

HerstellerRed Hat

≫

Produkt RHOSS-1.36-RHEL-8

Default Statusaffected

Version < *

Version 1.36.0-11

Status unaffected

HerstellerRed Hat

≫

Produkt RHOSS-1.36-RHEL-8

Default Statusaffected

Version < *

Version 1.36.0-10

Status unaffected

HerstellerRed Hat

≫

Produkt RHOSS-1.36-RHEL-8

Default Statusaffected

Version < *

Version 1.36.0-10

Status unaffected

HerstellerRed Hat

≫

Produkt RHOSS-1.36-RHEL-8

Default Statusaffected

Version < *

Version 1.36.0-4

Status unaffected

HerstellerRed Hat

≫

Produkt RHOSS-1.36-RHEL-8

Default Statusaffected

Version < *

Version 1.36.0-9

Status unaffected

HerstellerRed Hat

≫

Produkt RHOSS-1.36-RHEL-8

Default Statusaffected

Version < *

Version 1.36.0-12

Status unaffected

HerstellerRed Hat

≫

Produkt RHOSS-1.36-RHEL-8

Default Statusaffected

Version < *

Version 1.36.0-18

Status unaffected

HerstellerRed Hat

≫

Produkt RHOSS-1.36-RHEL-8

Default Statusaffected

Version < *

Version 1.36.0-11

Status unaffected

HerstellerRed Hat

≫

Produkt RHOSS-1.36-RHEL-8

Default Statusaffected

Version < *

Version 1.36.0-7

Status unaffected

HerstellerRed Hat

≫

Produkt cert-manager operator for Red Hat OpenShift 1.16

Default Statusaffected

Version < *

Version sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2

Status unaffected

HerstellerRed Hat

≫

Produkt File Integrity Operator 1

Default Statusaffected

Version < *

Version sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Discovery 2

Default Statusaffected

Version < *

Version sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Insights proxy 1.5

Default Statusaffected

Version < *

Version sha256:e54a5a5f9d69dd6a03e2bcd845e2202910a188d266d4a79b12c387ceffc36f2d

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 6

Default Statusunknown

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.604

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/security/cve/CVE-2025-49796

https://bugzilla.redhat.com/show_bug.cgi?id=2372385

https://access.redhat.com/errata/RHSA-2025:10630

https://access.redhat.com/errata/RHSA-2025:10698

https://access.redhat.com/errata/RHSA-2025:10699

https://access.redhat.com/errata/RHSA-2025:11580

https://access.redhat.com/errata/RHSA-2025:12098

https://access.redhat.com/errata/RHSA-2025:12099

https://access.redhat.com/errata/RHSA-2025:12199

https://access.redhat.com/errata/RHSA-2025:12239

https://access.redhat.com/errata/RHSA-2025:12240

https://access.redhat.com/errata/RHSA-2025:12241

https://access.redhat.com/errata/RHSA-2025:12237

https://access.redhat.com/errata/RHSA-2025:13267

https://access.redhat.com/errata/RHSA-2025:13335

https://access.redhat.com/errata/RHSA-2025:15828

https://access.redhat.com/errata/RHSA-2025:15827

https://access.redhat.com/errata/RHSA-2025:18219

https://access.redhat.com/errata/RHSA-2025:15397

https://access.redhat.com/errata/RHSA-2025:18218

https://access.redhat.com/errata/RHSA-2025:18217

https://access.redhat.com/errata/RHSA-2025:18240

https://access.redhat.com/errata/RHSA-2025:19020

https://access.redhat.com/errata/RHSA-2025:19046

https://access.redhat.com/errata/RHSA-2025:19041

https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html

https://access.redhat.com/errata/RHSA-2025:19894

https://access.redhat.com/errata/RHSA-2025:21913

https://access.redhat.com/errata/RHSA-2026:0934

https://gitlab.gnome.org/GNOME/libxml2/-/issues/933

https://nvd.nist.gov/vuln/detail/CVE-2025-49796

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-49796

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-49796

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-49796