{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-49796", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-06-10T22:17:05.287Z", "datePublished": "2025-06-16T15:14:28.251Z", "dateUpdated": "2025-07-30T09:06:09.078Z"}, "containers": {"cna": {"title": "Libxml: type confusion leads to denial of service (dos)", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxml2", "defaultStatus": "affected", "versions": [{"version": "0:2.12.5-7.el10_0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:10.0"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxml2", "defaultStatus": "affected", "versions": [{"version": "0:2.9.1-6.el7_9.10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_els:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxml2", "defaultStatus": "affected", "versions": [{"version": "0:2.9.7-21.el8_10.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxml2", "defaultStatus": "affected", "versions": [{"version": "0:2.9.7-21.el8_10.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxml2", "defaultStatus": "affected", "versions": [{"version": "0:2.9.7-9.el8_2.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/o:redhat:rhel_aus:8.2::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxml2", "defaultStatus": "affected", "versions": [{"version": "0:2.9.7-9.el8_4.6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxml2", "defaultStatus": "affected", "versions": [{"version": "0:2.9.7-9.el8_4.6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxml2", "defaultStatus": "affected", "versions": [{"version": "0:2.9.7-13.el8_6.10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/a:redhat:rhel_tus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxml2", "defaultStatus": "affected", "versions": [{"version": "0:2.9.7-13.el8_6.10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/a:redhat:rhel_tus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxml2", "defaultStatus": "affected", "versions": [{"version": "0:2.9.7-13.el8_6.10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/a:redhat:rhel_tus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxml2", "defaultStatus": "affected", "versions": [{"version": "0:2.9.7-16.el8_8.9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.8::baseos", "cpe:/a:redhat:rhel_tus:8.8::appstream", "cpe:/a:redhat:rhel_e4s:8.8::appstream", "cpe:/o:redhat:rhel_tus:8.8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxml2", "defaultStatus": "affected", "versions": [{"version": "0:2.9.7-16.el8_8.9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.8::baseos", "cpe:/a:redhat:rhel_tus:8.8::appstream", "cpe:/a:redhat:rhel_e4s:8.8::appstream", "cpe:/o:redhat:rhel_tus:8.8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxml2", "defaultStatus": "affected", "versions": [{"version": "0:2.9.13-10.el9_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxml2", "defaultStatus": "affected", "versions": [{"version": "0:2.9.13-10.el9_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxml2", "defaultStatus": "affected", "versions": [{"version": "0:2.9.13-1.el9_0.5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:9.0::baseos", "cpe:/a:redhat:rhel_e4s:9.0::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxml2", "defaultStatus": "affected", "versions": [{"version": "0:2.9.13-3.el9_2.7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:9.2::baseos", "cpe:/a:redhat:rhel_e4s:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxml2", "defaultStatus": "affected", "versions": [{"version": "0:2.9.13-10.el9_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:9.4::baseos", "cpe:/a:redhat:rhel_eus:9.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxml2", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Core Services", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "libxml2", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:jboss_core_services:1"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:10630", "name": "RHSA-2025:10630", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10698", "name": "RHSA-2025:10698", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10699", "name": "RHSA-2025:10699", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11580", "name": "RHSA-2025:11580", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:12098", "name": "RHSA-2025:12098", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:12099", "name": "RHSA-2025:12099", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:12199", "name": "RHSA-2025:12199", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:12237", "name": "RHSA-2025:12237", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:12239", "name": "RHSA-2025:12239", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:12240", "name": "RHSA-2025:12240", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:12241", "name": "RHSA-2025:12241", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-49796", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", "name": "RHBZ#2372385", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-06-11T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-125: Out-of-bounds Read", "workarounds": [{"lang": "en", "value": "There's no available mitigation other than to avoid processing untrusted XML documents before updating to the libxml version containing the fix."}], "timeline": [{"lang": "en", "time": "2025-06-12T00:35:26.470000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-06-11T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-07-30T09:06:09.078Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-16T15:32:55.790163Z", "id": "CVE-2025-49796", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T15:33:08.296Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-49796", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-16T15:32:55.790163Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T15:32:58.396Z"}}], "cna": {"title": "Libxml: type confusion leads to denial of service (dos)", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": ["cpe:/o:redhat:enterprise_linux:10.0"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "versions": [{"status": "unaffected", "version": "0:2.12.5-7.el10_0", "lessThan": "*", "versionType": "rpm"}], "packageName": "libxml2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_els:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "versions": [{"status": "unaffected", "version": "0:2.9.1-6.el7_9.10", "lessThan": "*", "versionType": "rpm"}], "packageName": "libxml2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:2.9.7-21.el8_10.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "libxml2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:2.9.7-21.el8_10.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "libxml2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/o:redhat:rhel_aus:8.2::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "versions": [{"status": "unaffected", "version": "0:2.9.7-9.el8_2.3", "lessThan": "*", "versionType": "rpm"}], "packageName": "libxml2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "0:2.9.7-9.el8_4.6", "lessThan": "*", "versionType": "rpm"}], "packageName": "libxml2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "versions": [{"status": "unaffected", "version": "0:2.9.7-9.el8_4.6", "lessThan": "*", "versionType": "rpm"}], "packageName": "libxml2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/a:redhat:rhel_tus:8.6::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "0:2.9.7-13.el8_6.10", "lessThan": "*", "versionType": "rpm"}], "packageName": "libxml2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/a:redhat:rhel_tus:8.6::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "0:2.9.7-13.el8_6.10", "lessThan": "*", "versionType": "rpm"}], "packageName": "libxml2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/a:redhat:rhel_tus:8.6::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:2.9.7-13.el8_6.10", "lessThan": "*", "versionType": "rpm"}], "packageName": "libxml2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.8::baseos", "cpe:/a:redhat:rhel_tus:8.8::appstream", "cpe:/a:redhat:rhel_e4s:8.8::appstream", "cpe:/o:redhat:rhel_tus:8.8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "0:2.9.7-16.el8_8.9", "lessThan": "*", "versionType": "rpm"}], "packageName": "libxml2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.8::baseos", "cpe:/a:redhat:rhel_tus:8.8::appstream", "cpe:/a:redhat:rhel_e4s:8.8::appstream", "cpe:/o:redhat:rhel_tus:8.8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:2.9.7-16.el8_8.9", "lessThan": "*", "versionType": "rpm"}], "packageName": "libxml2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:2.9.13-10.el9_6", "lessThan": "*", "versionType": "rpm"}], "packageName": "libxml2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:2.9.13-10.el9_6", "lessThan": "*", "versionType": "rpm"}], "packageName": "libxml2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:9.0::baseos", "cpe:/a:redhat:rhel_e4s:9.0::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:2.9.13-1.el9_0.5", "lessThan": "*", "versionType": "rpm"}], "packageName": "libxml2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:9.2::baseos", "cpe:/a:redhat:rhel_e4s:9.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:2.9.13-3.el9_2.7", "lessThan": "*", "versionType": "rpm"}], "packageName": "libxml2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_eus:9.4::baseos", "cpe:/a:redhat:rhel_eus:9.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:2.9.13-10.el9_4", "lessThan": "*", "versionType": "rpm"}], "packageName": "libxml2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "libxml2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:jboss_core_services:1"], "vendor": "Red Hat", "product": "Red Hat JBoss Core Services", "packageName": "libxml2", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-06-12T00:35:26.470000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-06-11T00:00:00+00:00", "value": "Made public."}], "datePublic": "2025-06-11T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:10630", "name": "RHSA-2025:10630", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10698", "name": "RHSA-2025:10698", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10699", "name": "RHSA-2025:10699", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11580", "name": "RHSA-2025:11580", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:12098", "name": "RHSA-2025:12098", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:12099", "name": "RHSA-2025:12099", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:12199", "name": "RHSA-2025:12199", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:12237", "name": "RHSA-2025:12237", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:12239", "name": "RHSA-2025:12239", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:12240", "name": "RHSA-2025:12240", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:12241", "name": "RHSA-2025:12241", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-49796", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", "name": "RHBZ#2372385", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "There's no available mitigation other than to avoid processing untrusted XML documents before updating to the libxml version containing the fix."}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-07-30T09:06:09.078Z"}, "x_redhatCweChain": "CWE-125: Out-of-bounds Read"}}, "cveMetadata": {"cveId": "CVE-2025-49796", "state": "PUBLISHED", "dateUpdated": "2025-07-30T09:06:09.078Z", "dateReserved": "2025-06-10T22:17:05.287Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-06-16T15:14:28.251Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en libxml2. El procesamiento de ciertos elementos sch:name del archivo XML de entrada puede provocar un problema de corrupci\u00f3n de memoria. Esta falla permite a un atacante manipular un archivo XML de entrada malicioso que puede provocar el bloqueo de libxml, lo que resulta en una denegaci\u00f3n de servicio u otro posible comportamiento indefinido debido a la corrupci\u00f3n de datos confidenciales en la memoria."}], "id": "CVE-2025-49796", "lastModified": "2025-07-30T10:15:31.560", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2025-06-16T16:15:19.370", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:10630"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:10698"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:10699"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:11580"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:12098"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:12099"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:12199"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:12237"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:12239"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:12240"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:12241"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-49796"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:10630", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "libxml2-0:2.12.5-7.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-07-08T00:00:00Z"}, {"advisory": "RHSA-2025:10698", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libxml2-0:2.9.7-21.el8_10.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-07-09T00:00:00Z"}, {"advisory": "RHSA-2025:10698", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "libxml2-0:2.9.7-21.el8_10.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-07-09T00:00:00Z"}, {"advisory": "RHSA-2025:10699", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libxml2-0:2.9.13-10.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-07-09T00:00:00Z"}, {"advisory": "RHSA-2025:10699", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "libxml2-0:2.9.13-10.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-07-09T00:00:00Z"}], "bugzilla": {"description": "libxml: Type confusion leads to Denial of service (DoS)", "id": "2372385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory."], "mitigation": {"lang": "en:us", "value": "There's no available mitigation other than to avoid processing untrusted XML documents before updating to the libxml version containing the fix."}, "name": "CVE-2025-49796", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libxml2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "libxml2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Affected", "package_name": "libxml2", "product_name": "Red Hat JBoss Core Services"}], "public_date": "2025-06-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-49796\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-49796"], "statement": "The Red Hat Product Security team has evaluated this vulnerability as having an Important security impact, as libxml can be used to parse XML from the network depending on how the program consumes it using the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).", "threat_severity": "Important"}