CVE-2025-49796

Name
CVE-2025-49796
Description
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
NVD Severity
unknown

References

| Type | URI |
| --- | --- |
| vdb-entry | https://access.redhat.com/security/cve/CVE-2025-49796 |
| issue-tracking | https://bugzilla.redhat.com/show_bug.cgi?id=2372385 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:10630 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:10698 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:10699 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:11580 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:12098 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:12099 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:12199 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:12239 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:12240 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:12241 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:12237 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:13267 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:13335 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:15828 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:15827 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:18219 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:15397 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:18218 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:18217 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:18240 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:19020 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:19046 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:19041 |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:19894 |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:21913 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:/o:redhat:enterprise_linux:10.0 | shopxo | >= 0:2.12.5-7.el10_0 | < * |
| cpe:/o:redhat:rhel_els:7 | shopxo | >= 0:2.9.1-6.el7_9.10 | < * |
| cpe:/a:redhat:enterprise_linux:9::appstream | shopxo | >= 0:2.9.13-10.el9_6 | < * |
| cpe:/a:redhat:webterminal:1.11::el9 | shopxo | >= 1.11-19 | < * |
| cpe:/a:redhat:webterminal:1.11::el9 | shopxo | >= 1.11-8 | < * |
| cpe:/a:redhat:webterminal:1.12::el9 | shopxo | >= 1.12-4 | < * |
|  | shopxo | >= 0 | < 2.15.0 |
| cpe:/o:redhat:rhel_e4s:9.2::baseos | shopxo | >= 0:2.9.13-3.el9_2.7 | < * |
| cpe:/o:redhat:rhel_eus:9.4::baseos | shopxo | >= 0:2.9.13-10.el9_4 | < * |
| cpe:/a:redhat:openshift:4.13::el9 | shopxo | >= 413.92.202510150118-0 | < * |
| cpe:/a:redhat:openshift:4.14::el9 | shopxo | >= 414.92.202510211419-0 | < * |
| cpe:/a:redhat:openshift:4.17::el9 | shopxo | >= 417.94.202510112152-0 | < * |
| cpe:/a:redhat:openshift:4.18::el9 | shopxo | >= 418.94.202510230424-0 | < * |
| cpe:/a:redhat:openshift:4.19::el9 | shopxo | >= 4.19.9.6.202510140714-0 | < * |
| cpe:/a:redhat:openshift:4.20::el9 | shopxo | >= 4.20.9.6.202509251656-0 | < * |
| cpe:/o:redhat:enterprise_linux:8::baseos | shopxo | >= 0:2.9.7-21.el8_10.1 | < * |
| cpe:/o:redhat:rhel_aus:8.2::baseos | shopxo | >= 0:2.9.7-9.el8_2.3 | < * |
| cpe:/a:redhat:rhel_aus:8.4::appstream | shopxo | >= 0:2.9.7-9.el8_4.6 | < * |
| cpe:/a:redhat:rhel_e4s:8.6::appstream | shopxo | >= 0:2.9.7-13.el8_6.10 | < * |
| cpe:/a:redhat:rhel_e4s:8.8::appstream | shopxo | >= 0:2.9.7-16.el8_8.9 | < * |
| cpe:/o:redhat:rhel_e4s:9.0::baseos | shopxo | >= 0:2.9.13-1.el9_0.5 | < * |
| cpe:/a:redhat:cert_manager:1.16::el9 | shopxo | >= sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2 | < * |
| cpe:/a:redhat:discovery:2::el9 | shopxo | >= sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec | < * |
| cpe:/a:redhat:insights_proxy:1.5::el9 | shopxo | >= sha256:c26d589f12647890b67aaa986f54d3f7c6f7f2563fb5a73f38d559e6138739d7 | < * |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| libxml2 | edge-main | 2.13.9-r0 | Carlo Landmeter <clandmeter@alpinelinux.org> | fixed |
| libxml2 | 3.22-main | 2.13.9-r0 | Carlo Landmeter <clandmeter@alpinelinux.org> | fixed |
| libxml2 | 3.21-main | 2.13.9-r0 | Carlo Landmeter <clandmeter@alpinelinux.org> | fixed |