IronMonkey Threat Research

CVE-2025-6021 HIGH

Published: 2025-06-12 | Last Modified: 2026-06-25 | Status: Modified

Description

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

Additional Descriptions (1)

A flaw was found in libxml2's xmlBuildQName function. Integer overflows in the buffer size calculations can cause a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

Source: [email protected]

Type: Secondary

Exploitability Score: 3.9

Impact Score: 3.6

Weaknesses

Source Type Language Description
[email protected] Secondary en CWE-787
[email protected] Secondary en CWE-787

Affected Products

Vendor Product Version Type
xmlsoft libxml2 * Application
redhat jboss_core_services - Application
redhat openshift_container_platform 4.12 Application
redhat openshift_container_platform 4.13 Application
redhat openshift_container_platform 4.14 Application
redhat openshift_container_platform 4.15 Application
redhat openshift_container_platform 4.16 Application
redhat openshift_container_platform 4.17 Application
redhat openshift_container_platform 4.18 Application
redhat openshift_container_platform_for_arm64 4.13 Application
redhat openshift_container_platform_for_arm64 4.14 Application
redhat openshift_container_platform_for_arm64 4.15 Application
redhat openshift_container_platform_for_arm64 4.16 Application
redhat openshift_container_platform_for_arm64 4.17 Application
redhat openshift_container_platform_for_arm64 4.18 Application
redhat openshift_container_platform_for_ibm_z 4.13 Application
redhat openshift_container_platform_for_ibm_z 4.14 Application
redhat openshift_container_platform_for_ibm_z 4.15 Application
redhat openshift_container_platform_for_ibm_z 4.16 Application
redhat openshift_container_platform_for_ibm_z 4.17 Application
redhat openshift_container_platform_for_ibm_z 4.18 Application
redhat openshift_container_platform_for_linuxone 4.13 Application
redhat openshift_container_platform_for_linuxone 4.14 Application
redhat openshift_container_platform_for_linuxone 4.15 Application
redhat openshift_container_platform_for_linuxone 4.16 Application
redhat openshift_container_platform_for_linuxone 4.17 Application
redhat openshift_container_platform_for_linuxone 4.18 Application
redhat openshift_container_platform_for_power 4.13 Application
redhat openshift_container_platform_for_power 4.14 Application
redhat openshift_container_platform_for_power 4.15 Application
redhat openshift_container_platform_for_power 4.16 Application
redhat openshift_container_platform_for_power 4.17 Application
redhat openshift_container_platform_for_power 4.18 Application
redhat enterprise_linux 8.0 Operating System
redhat enterprise_linux 9.0 Operating System
redhat enterprise_linux 10.0 Operating System
redhat enterprise_linux_eus 8.4 Operating System
redhat enterprise_linux_eus 8.6 Operating System
redhat enterprise_linux_eus 8.8 Operating System
redhat enterprise_linux_eus 9.4 Operating System
redhat enterprise_linux_eus 9.6 Operating System
redhat enterprise_linux_eus 10.0 Operating System
redhat enterprise_linux_for_arm_64 8.0_aarch64 Operating System
redhat enterprise_linux_for_arm_64 9.0_aarch64 Operating System
redhat enterprise_linux_for_arm_64 9.4_aarch64 Operating System
redhat enterprise_linux_for_arm_64 10.0_aarch64 Operating System
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64 Operating System
redhat enterprise_linux_for_arm_64_eus 9.6_aarch64 Operating System
redhat enterprise_linux_for_arm_64_eus 10.0_aarch64 Operating System
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x Operating System
redhat enterprise_linux_for_ibm_z_systems 9.4_s390x Operating System
redhat enterprise_linux_for_ibm_z_systems 10.0_s390x Operating System
redhat enterprise_linux_for_ibm_z_systems_eus 9.0_s390x Operating System
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x Operating System
redhat enterprise_linux_for_ibm_z_systems_eus 9.6_s390x Operating System
redhat enterprise_linux_for_ibm_z_systems_eus 10.0_s390x Operating System
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le Operating System
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le Operating System
redhat enterprise_linux_for_power_little_endian 10.0_ppc64le Operating System
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le Operating System
redhat enterprise_linux_for_power_little_endian_eus 9.6_ppc64le Operating System
redhat enterprise_linux_for_power_little_endian_eus 10.0_ppc64le Operating System
redhat enterprise_linux_server 7.0 Operating System
redhat enterprise_linux_server_aus 8.2 Operating System
redhat enterprise_linux_server_aus 8.4 Operating System
redhat enterprise_linux_server_aus 8.6 Operating System
redhat enterprise_linux_server_aus 9.2 Operating System
redhat enterprise_linux_server_aus 9.4 Operating System
redhat enterprise_linux_server_aus 9.6 Operating System
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.4_ppc64le Operating System
redhat enterprise_linux_server_tus 8.8 Operating System
redhat in-vehicle_operating_system 1.0 Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform:4.18:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.13:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.14:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.15:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.16:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.17:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.18:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.13:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.14:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.15:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.16:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.17:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.18:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.13:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.14:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.15:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.16:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.17:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.18:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_power:4.13:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_power:4.14:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_power:4.15:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_power:4.16:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_power:4.17:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform_for_power:4.18:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:10.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64:10.0_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:10.0_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:10.0_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:10.0_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:10.0_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:in-vehicle_operating_system:1.0:*:*:*:*:*:*:*
