CVE-2025-6021

Media report

EPSS 0.09%
Published 12.06.2025 12:49:16
Last modified 18.09.2025 10:15:34
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

Affected products Warnungen 0 Metrics 2 CWE 1 References 27

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://gitlab.gnome.org/GNOME/libxml2/

≫

Package libxml2

Default Statusunaffected

Version < 2.14.4

Version 0

Status affected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 10

Default Statusaffected

Version < *

Version 0:2.12.5-7.el10_0

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 7 Extended Lifecycle Support

Default Statusaffected

Version < *

Version 0:2.9.1-6.el7_9.10

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:2.9.7-21.el8_10.1

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:2.9.7-21.el8_10.1

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.2 Advanced Update Support

Default Statusaffected

Version < *

Version 0:2.9.7-9.el8_2.3

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Default Statusaffected

Version < *

Version 0:2.9.7-9.el8_4.6

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Default Statusaffected

Version < *

Version 0:2.9.7-9.el8_4.6

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

Default Statusaffected

Version < *

Version 0:2.9.7-13.el8_6.10

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Default Statusaffected

Version < *

Version 0:2.9.7-13.el8_6.10

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:2.9.7-13.el8_6.10

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Default Statusaffected

Version < *

Version 0:2.9.7-16.el8_8.9

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:2.9.7-16.el8_8.9

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:2.9.13-10.el9_6

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:2.9.13-10.el9_6

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:2.9.13-1.el9_0.5

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:2.9.13-3.el9_2.7

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9.4 Extended Update Support

Default Statusaffected

Version < *

Version 0:2.9.13-10.el9_4

Status unaffected

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4.12

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4.13

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4.14

Default Statusaffected

Version < *

Version 414.92.202508041909-0

Status unaffected

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4.15

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4.16

Default Statusaffected

Version < *

Version 416.94.202508050040-0

Status unaffected

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4.17

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4.18

Default Statusaffected

Version < *

Version 418.94.202508060022-0

Status unaffected

VendorRed Hat

≫

Product Red Hat Discovery 2

Default Statusaffected

Version < *

Version sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344

Status unaffected

VendorRed Hat

≫

Product Red Hat Insights proxy 1.5

Default Statusaffected

Version < *

Version sha256:e54a5a5f9d69dd6a03e2bcd845e2202910a188d266d4a79b12c387ceffc36f2d

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 6

Default Statusunknown

VendorRed Hat

≫

Product Red Hat In-Vehicle Operating System 1

Default Statusaffected

VendorRed Hat

≫

Product Red Hat JBoss Core Services

Default Statusaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.262

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert@redhat.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://www.heise.de/news/Sicherheitsluecken-Tenable-Nessus-Angreifer-koennen-Sytstemdaten-ueberschreiben-10467111.html

Medienbericht

heise Security

https://access.redhat.com/security/cve/CVE-2025-6021

https://bugzilla.redhat.com/show_bug.cgi?id=2372406

https://access.redhat.com/errata/RHSA-2025:10630

https://access.redhat.com/errata/RHSA-2025:10698

https://access.redhat.com/errata/RHSA-2025:10699

https://access.redhat.com/errata/RHSA-2025:11580

https://access.redhat.com/errata/RHSA-2025:12098

https://access.redhat.com/errata/RHSA-2025:12099

https://access.redhat.com/errata/RHSA-2025:12199