Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-32415 (GCVE-0-2025-32415)
Vulnerability from cvelistv5
Published
2025-04-17 00:00
Modified
2025-04-17 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Summary
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32415",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T18:38:26.252207Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:38:30.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "libxml2",
"vendor": "xmlsoft",
"versions": [
{
"lessThan": "2.13.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.14.2",
"status": "affected",
"version": "2.14.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.13.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.14.2",
"versionStartIncluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T17:21:08.467Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32415",
"datePublished": "2025-04-17T00:00:00.000Z",
"dateReserved": "2025-04-08T00:00:00.000Z",
"dateUpdated": "2025-04-17T18:38:30.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-32415\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-04-17T17:15:33.733\",\"lastModified\":\"2025-04-23T18:17:52.053\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.\"},{\"lang\":\"es\",\"value\":\"En libxml2 anterior a la versi\u00f3n 2.13.8 y 2.14.x anterior a la versi\u00f3n 2.14.2, xmlSchemaIDCFillNodeTables en xmlschemas.c presenta una sublectura del b\u00fafer basado en el mont\u00f3n. Para aprovechar esto, un documento XML creado debe validarse con un esquema XML con ciertas restricciones de identidad, o bien, debe utilizarse un esquema XML creado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":2.9,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.4,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.13.8\",\"matchCriteriaId\":\"DF308A16-618A-44BE-900E-3B65DCC0E428\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.14.0\",\"versionEndExcluding\":\"2.14.2\",\"matchCriteriaId\":\"9878007F-7139-47DE-BD8F-E0DFCAD038B7\"}]}]}],\"references\":[{\"url\":\"https://gitlab.gnome.org/GNOME/libxml2/-/issues/890\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://gitlab.gnome.org/GNOME/libxml2/-/issues/890\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Issue Tracking\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-32415\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-17T18:38:26.252207Z\"}}}], \"references\": [{\"url\": \"https://gitlab.gnome.org/GNOME/libxml2/-/issues/890\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-17T18:38:21.052Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 2.9, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\"}}], \"affected\": [{\"vendor\": \"xmlsoft\", \"product\": \"libxml2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.13.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"2.14.0\", \"lessThan\": \"2.14.2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://gitlab.gnome.org/GNOME/libxml2/-/issues/890\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1284\", \"description\": \"CWE-1284 Improper Validation of Specified Quantity in Input\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"2.13.8\"}, {\"criteria\": \"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"2.14.2\", \"versionStartIncluding\": \"2.14.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-04-17T17:21:08.467Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-32415\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-17T18:38:30.600Z\", \"dateReserved\": \"2025-04-08T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-04-17T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
ncsc-2025-0333
Vulnerability from csaf_ncscnl
Published
2025-10-23 13:35
Modified
2025-10-23 13:35
Summary
Kwetsbaarheden verholpen in Oracle Financial Services
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in Oracle Financial Services componenten.
Interpretaties
De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om ongeautoriseerde toegang te krijgen tot gevoelige gegevens via HTTP. Dit kan leiden tot ongeoorloofde toegang en wijzigingen van kritieke data, met een CVSS-score van 9.8 die de significante impact op de vertrouwelijkheid benadrukt. Daarnaast zijn er kwetsbaarheden die kunnen leiden tot denial-of-service (DoS) aanvallen, wat de beschikbaarheid van het systeem in gevaar kan brengen.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-20
Improper Input Validation
CWE-23
Relative Path Traversal
CWE-125
Out-of-bounds Read
CWE-197
Numeric Truncation Error
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-284
Improper Access Control
CWE-285
Improper Authorization
CWE-306
Missing Authentication for Critical Function
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-611
Improper Restriction of XML External Entity Reference
CWE-674
Uncontrolled Recursion
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-862
Missing Authorization
CWE-863
Incorrect Authorization
CWE-918
Server-Side Request Forgery (SSRF)
CWE-937
CWE-937
CWE-1035
CWE-1035
CWE-1284
Improper Validation of Specified Quantity in Input
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle Financial Services componenten.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om ongeautoriseerde toegang te krijgen tot gevoelige gegevens via HTTP. Dit kan leiden tot ongeoorloofde toegang en wijzigingen van kritieke data, met een CVSS-score van 9.8 die de significante impact op de vertrouwelijkheid benadrukt. Daarnaast zijn er kwetsbaarheden die kunnen leiden tot denial-of-service (DoS) aanvallen, wat de beschikbaarheid van het systeem in gevaar kan brengen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "general",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Financial Services",
"tracking": {
"current_release_date": "2025-10-23T13:35:32.902231Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0333",
"initial_release_date": "2025-10-23T13:35:32.902231Z",
"revision_history": [
{
"date": "2025-10-23T13:35:32.902231Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Financial Services Revenue Management And Billing"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Banking Branch"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Banking Corporate Lending Process Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Banking Origination"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Analytical Applications Infrastructure"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Behavior Detection Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Compliance Studio"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Model Management and Governance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11988",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Financial Services applications and Apache XmlGraphics Commons allow unauthorized access to critical data and server-side request forgery, all with a CVSS score of 8.2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-11988 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-11988.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2020-11988"
},
{
"cve": "CVE-2024-28168",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "description",
"text": "Recent updates address multiple security vulnerabilities across various products, including XML External Entity (XXE) issues in Apache XML Graphics FOP and Oracle applications, allowing unauthorized access to sensitive data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28168 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-28168.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2024-28168"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "The \u0027MadeYouReset\u0027 vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-6965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-27553",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27553 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27553.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-27553"
},
{
"cve": "CVE-2025-27817",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27817 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27817.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-27817"
},
{
"cve": "CVE-2025-31672",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various products, including Apache POI, Oracle BPM Suite, JD Edwards EnterpriseOne, and SAP BusinessObjects, affecting data integrity and allowing unauthorized access or manipulation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32415 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32415.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-32415"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Financial Services and the Spring Framework expose critical data and authorization flaws, affecting multiple versions and products with significant security implications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-48989",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates for Apache Tomcat versions 9, 10, and 11 address the \u0027MadeYouReset\u0027 DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48989 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48989.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-50074",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "A vulnerability in Oracle Financial Services Revenue Management and Billing (versions 2.9.0.0.0-7.2.0.0.0) allows high-privileged attackers to gain unauthorized access to critical data via HTTP, with a CVSS 3.1 Base Score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-50074 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-50074.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-50074"
},
{
"cve": "CVE-2025-50075",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle Financial Services Revenue Management and Billing (versions 2.9.0.0.0-7.2.0.0.0) allows low privileged attackers with HTTP access to potentially gain unauthorized access to critical data, with a CVSS score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-50075 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-50075.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-50075"
},
{
"cve": "CVE-2025-53034",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "A vulnerability in Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 allows unauthenticated attackers to compromise the system with human interaction, leading to unauthorized data access and modifications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53034 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53034.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-53034"
},
{
"cve": "CVE-2025-53035",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle Financial Services Analytical Applications Infrastructure allows low privileged attackers to access critical data, affecting versions 8.0.7.9, 8.0.8.7, and 8.1.2.5, with a CVSS score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53035 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53035.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-53035"
},
{
"cve": "CVE-2025-53036",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "A vulnerability in Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 allows unauthenticated attackers to access critical data via HTTP, with a CVSS score of 8.6.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53036 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53036.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-53036"
},
{
"cve": "CVE-2025-53037",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "A critical vulnerability in Oracle Financial Services Analytical Applications Infrastructure (versions 8.0.7.9, 8.0.8.7, and 8.1.2.5) allows unauthenticated attackers to compromise the system via HTTP, with a CVSS score of 9.8.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53037 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53037.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-53037"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty address critical vulnerabilities, including the \u0027MadeYouReset\u0027 DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server\u0027s Perl component but is not exploitable.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2025-61751",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "description",
"text": "A vulnerability in Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 allows low-privileged attackers to exploit it via HTTP, posing significant risks to data confidentiality and integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61751 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61751.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-61751"
},
{
"cve": "CVE-2025-61756",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "A vulnerability in Oracle Financial Services Analytical Applications Infrastructure allows unauthenticated attackers to execute denial of service attacks on specific versions, rated with a CVSS score of 7.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61756 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61756.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9"
]
}
],
"title": "CVE-2025-61756"
}
]
}
ncsc-2025-0330
Vulnerability from csaf_ncscnl
Published
2025-10-23 13:20
Modified
2025-10-23 13:20
Summary
Kwetsbaarheden verholpen in Oracle Communications producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communications producten, waaronder de Unified Assurance en Cloud Native Core.
Interpretaties
De kwetsbaarheden in de Oracle Communications producten stellen kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, wat kan leiden tot gedeeltelijke of volledige Denial-of-Service (DoS) aanvallen. Specifiek kunnen aanvallers met netwerktoegang de systemen compromitteren, wat resulteert in ongeautoriseerde toegang tot gevoelige gegevens. De CVSS-scores van deze kwetsbaarheden variëren van 3.1 tot 9.8, wat wijst op een breed scala aan risico's, van beperkte tot ernstige impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden in zijn Communications producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-20
Improper Input Validation
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23
Relative Path Traversal
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-121
Stack-based Buffer Overflow
CWE-122
Heap-based Buffer Overflow
CWE-124
Buffer Underwrite ('Buffer Underflow')
CWE-125
Out-of-bounds Read
CWE-129
Improper Validation of Array Index
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-147
Improper Neutralization of Input Terminators
CWE-190
Integer Overflow or Wraparound
CWE-197
Numeric Truncation Error
CWE-241
Improper Handling of Unexpected Data Type
CWE-252
Unchecked Return Value
CWE-253
Incorrect Check of Function Return Value
CWE-284
Improper Access Control
CWE-287
Improper Authentication
CWE-290
Authentication Bypass by Spoofing
CWE-328
Use of Weak Hash
CWE-385
Covert Timing Channel
CWE-390
Detection of Error Condition Without Action
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-407
Inefficient Algorithmic Complexity
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
CWE-415
Double Free
CWE-416
Use After Free
CWE-426
Untrusted Search Path
CWE-440
Expected Behavior Violation
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-476
NULL Pointer Dereference
CWE-674
Uncontrolled Recursion
CWE-697
Incorrect Comparison
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-789
Memory Allocation with Excessive Size Value
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE-918
Server-Side Request Forgery (SSRF)
CWE-937
CWE-937
CWE-1035
CWE-1035
CWE-1284
Improper Validation of Specified Quantity in Input
CWE-1333
Inefficient Regular Expression Complexity
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communications producten, waaronder de Unified Assurance en Cloud Native Core.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in de Oracle Communications producten stellen kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, wat kan leiden tot gedeeltelijke of volledige Denial-of-Service (DoS) aanvallen. Specifiek kunnen aanvallers met netwerktoegang de systemen compromitteren, wat resulteert in ongeautoriseerde toegang tot gevoelige gegevens. De CVSS-scores van deze kwetsbaarheden vari\u00ebren van 3.1 tot 9.8, wat wijst op een breed scala aan risico\u0027s, van beperkte tot ernstige impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden in zijn Communications producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"title": "CWE-124"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "general",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "general",
"text": "Improper Neutralization of Input Terminators",
"title": "CWE-147"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "general",
"text": "Improper Handling of Unexpected Data Type",
"title": "CWE-241"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Incorrect Check of Function Return Value",
"title": "CWE-253"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "general",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "general",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "general",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "general",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "general",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "general",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "general",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Incorrect Comparison",
"title": "CWE-697"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "general",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications producten",
"tracking": {
"current_release_date": "2025-10-23T13:20:15.363063Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0330",
"initial_release_date": "2025-10-23T13:20:15.363063Z",
"revision_history": [
{
"date": "2025-10-23T13:20:15.363063Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Communications Cloud Native Core Console"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Management Cloud Engine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Communications Billing and Revenue Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Communications Calendar Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Automated Test Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Binding Support Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Certificate Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core DBTier"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Repository Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Slice Selection Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Policy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Service Communication Proxy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Unified Data Repository"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Oracle Communications Converged Charging System"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Oracle Communications Convergence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Oracle Communications Convergent Charging Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Oracle Communications Diameter Signaling Router"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "Oracle Communications EAGLE Element Management System"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-21"
}
}
],
"category": "product_name",
"name": "Oracle Communications EAGLE LNP Application Processor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-22"
}
}
],
"category": "product_name",
"name": "Oracle Communications LSMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-23"
}
}
],
"category": "product_name",
"name": "Oracle Communications Messaging Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-24"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Analytics Data Director"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-25"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Charging and Control"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-26"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Integrity"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-27"
}
}
],
"category": "product_name",
"name": "Oracle Communications Offline Mediation Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-28"
}
}
],
"category": "product_name",
"name": "Oracle Communications Operations Monitor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-29"
}
}
],
"category": "product_name",
"name": "Oracle Communications Order and Service Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-30"
}
}
],
"category": "product_name",
"name": "Oracle Communications Pricing Design Center"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-31"
}
}
],
"category": "product_name",
"name": "Oracle Communications Service Catalog and Design"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-32"
}
}
],
"category": "product_name",
"name": "Oracle Communications Session Border Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-33"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Assurance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-34"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Inventory Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-35"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Communications Broker"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-36"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Operations Monitor"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26555",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Recent updates address vulnerabilities in NTP 4.2.8p17 and Oracle products, including CVE-2023-26555 related to malformed RT-11 dates and various security issues in Oracle Communications and Database systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-26555 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-26555.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2023-26555"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities across various Oracle, IBM, and Protobuf products could lead to Denial of Service and unauthorized access, with significant risks identified in versions of Oracle Communications, MySQL Connector/J, and IBM WebSphere.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7254 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7254.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2024-8006",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Communications products and the libpcap library allow high-privileged attackers to cause denial of service and NULL pointer dereference issues, with CVSS scores of 4.4 for the former.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8006 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-8006.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-8006"
},
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Communications EAGLE LNP Application Processor, Oracle Communications Cloud Native Core Policy, and libtasn1 could lead to denial of service attacks, with CVSS scores of 5.3 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle MySQL, Oracle Communications, and nghttp2 products allow remote attackers to exploit confidentiality, integrity, and availability, with varying damage ratings from medium to high.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28182 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-28182.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-35164",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Guacamole could allow high-privileged attackers to compromise systems and execute arbitrary code, respectively.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-35164 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-35164.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-35164"
},
{
"cve": "CVE-2024-37371",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle products, including Communications and MySQL, as well as MIT Kerberos 5, allow for unauthorized access, denial of service, and other malicious activities, with CVSS scores reaching 9.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37371 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-37371.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-37371"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-50609",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Fluent Bit 3.1.9 has a vulnerability allowing remote Denial of Service attacks via a zero-length packet, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 can be exploited by high-privileged attackers for complete Denial of Service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-50609 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-50609.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-50609"
},
{
"cve": "CVE-2024-51504",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "description",
"text": "Recent vulnerabilities in Apache ZooKeeper and Oracle Communications Unified Assurance expose systems to authentication bypass and unauthorized access, allowing attackers to execute commands and access critical data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-51504 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-51504.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-51504"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57699 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-57699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Eclipse Jetty versions 12.0.0 to 12.0.16 are vulnerable to OutOfMemoryError and denial of service attacks due to improper validation of the SETTINGS_MAX_HEADER_LIST_SIZE parameter, affecting various products including Oracle Communications EAGLE and NetApp.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-1948 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-1948.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-1948"
},
{
"cve": "CVE-2025-3576",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"notes": [
{
"category": "other",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "description",
"text": "Recent vulnerabilities in krb5 and MIT Kerberos implementations allow for message spoofing via MD5 checksum weaknesses, while Oracle Communications Network Analytics Data Director is susceptible to unauthorized data manipulation through SSH access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-3576 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-3576.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-3576"
},
{
"cve": "CVE-2025-4373",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"title": "CWE-124"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and glib2 involve unauthorized access risks and buffer overflow issues, affecting multiple products with varying severity levels.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4373 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4373.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4373"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4517 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4517.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4517"
},
{
"cve": "CVE-2025-4802",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"notes": [
{
"category": "other",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "description",
"text": "Vulnerabilities in Oracle Communications Cloud Native Core and glibc allow unauthenticated access and privilege escalation, with CVSS scores of 7.8, affecting confidentiality, integrity, and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4802 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4802.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4802"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "The \u0027MadeYouReset\u0027 vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle MySQL Workbench and the libssh library expose sensitive data and allow unauthorized access, with CVSS scores indicating moderate severity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5318 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5318.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5399",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle MySQL Server and Cluster, along with libcurl\u0027s WebSocket code, allow for various denial of service attacks, with CVSS scores ranging from 4.3 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5399 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5399.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5399"
},
{
"cve": "CVE-2025-5889",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "The juliangruber brace-expansion library has a vulnerability in versions up to 4.0.0 affecting the expand function, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 are susceptible to a partial denial of service by low-privileged attackers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5889 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5889.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5889"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-6965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-7339",
"cwe": {
"id": "CWE-241",
"name": "Improper Handling of Unexpected Data Type"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Unexpected Data Type",
"title": "CWE-241"
},
{
"category": "description",
"text": "Oracle Communications Unified Assurance has a vulnerability allowing unauthorized data access, while the on-headers middleware for Node.js has a bug affecting response header modifications in versions prior to 1.1.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7339 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7339.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7339"
},
{
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and libxslt expose systems to unauthorized access and memory corruption, with significant impacts on integrity and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7425 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7425.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7425"
},
{
"cve": "CVE-2025-7962",
"cwe": {
"id": "CWE-147",
"name": "Improper Neutralization of Input Terminators"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input Terminators",
"title": "CWE-147"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core Console and Jakarta Mail versions 2.0.2 and 2.2 expose systems to significant risks, including unauthorized access and SMTP Injection attacks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7962 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7962.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7962"
},
{
"cve": "CVE-2025-8058",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Enterprise Operations Monitor and GNU C library versions 2.4 to 2.41 expose systems to potential unauthorized access, memory corruption, and denial of service risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8058 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8058.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-8058"
},
{
"cve": "CVE-2025-8916",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8916 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-8916"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "The curl update 8.14.1 addresses security vulnerabilities, including out-of-bounds reads, proxy cache poisoning, and a bug allowing insecure sites to override secure cookies, alongside a denial of service vulnerability in Oracle Communications Unified Inventory Management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-25724",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Communications Network Analytics Data Director and the libarchive component, affecting system integrity and availability, with CVSS scores indicating significant risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25724 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-25724.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-25724"
},
{
"cve": "CVE-2025-27210",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Node.js versions 20.x, 22.x, and 24.x have an incomplete fix for CVE-2025-23084 affecting Windows device names and the `path.join` API, while Oracle Communications\u0027 Cloud Native Environment has a non-exploitable Security-in-Depth issue.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27210 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27210.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27210"
},
{
"cve": "CVE-2025-27533",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27533"
},
{
"cve": "CVE-2025-27553",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27553 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27553.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27553"
},
{
"cve": "CVE-2025-27587",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"notes": [
{
"category": "other",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "description",
"text": "OpenSSL versions 3.0.0 to 3.3.2 on PowerPC are vulnerable to a Minerva attack, while Oracle Communications Cloud Native Core Certificate Management 25.1.200 has a critical data access vulnerability, and OpenSSL 3 has addressed timing side channel issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27587 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27587.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27587"
},
{
"cve": "CVE-2025-27817",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27817 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27817.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27817"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32415 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32415.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32415"
},
{
"cve": "CVE-2025-32728",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "other",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Enterprise Communications Broker, OpenSSH, and HP-UX Secure Shell daemon could lead to unauthorized data access and system compromise, with varying CVSS scores and exploitation potential.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32728 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32728.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32728"
},
{
"cve": "CVE-2025-32990",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Inventory Management and GnuTLS\u0027s certtool expose systems to denial-of-service and unauthorized data access, with significant integrity impacts and a CVSS score of 8.2 for Oracle\u0027s flaw.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32990"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-48989",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates for Apache Tomcat versions 9, 10, and 11 address the \u0027MadeYouReset\u0027 DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48989 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48989.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates for libxml2 address multiple vulnerabilities, including heap use after free and type confusion, which could lead to denial of service or crashes, alongside an Oracle vulnerability allowing unauthorized data access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49796 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "Oracle Communications Unified Assurance has a vulnerability allowing denial of service, while jackson-core versions prior to 2.15.0 can cause StackoverflowError with deeply nested data, now mitigated in version 2.15.0.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-52999 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-52999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-52999"
},
{
"cve": "CVE-2025-53547",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "Helm v3.18.4 addresses a critical vulnerability allowing local code execution through crafted `Chart.yaml` and symlinked `Chart.lock` files during dependency updates, alongside an Oracle Communications flaw with a CVSS score of 8.6.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53547 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53547.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53547"
},
{
"cve": "CVE-2025-53643",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Operations Monitor and aiohttp could allow unauthorized access and data manipulation, with significant integrity impacts and request smuggling risks in affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53643 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53643.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53643"
},
{
"cve": "CVE-2025-53864",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle GoldenGate and Connect2id Nimbus JOSE + JWT expose systems to denial of service attacks, with CVSS scores indicating significant availability impacts due to issues with deeply nested JSON objects.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53864 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53864.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-54090",
"cwe": {
"id": "CWE-253",
"name": "Incorrect Check of Function Return Value"
},
"notes": [
{
"category": "other",
"text": "Incorrect Check of Function Return Value",
"title": "CWE-253"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core Automated Test Suite and Apache HTTP Server 2.4.64 expose systems to unauthorized data access and potential denial of service, with a CVSS score of 6.3 for the Oracle issue.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54090 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54090.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-54090"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty address critical vulnerabilities, including the \u0027MadeYouReset\u0027 DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-57803",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "ImageMagick has addressed critical vulnerabilities in its BMP encoder, including a 32-bit integer overflow leading to heap corruption and potential code execution, alongside other security enhancements.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-57803 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-57803.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-57803"
},
{
"cve": "CVE-2025-58057",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities in decompressing decoders, including `BrotliDecoder`, and components of Oracle and HPE products can lead to denial of service through excessive buffer allocation and malformed HTTP/2 frames.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58057 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server\u0027s Perl component but is not exploitable.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-59375"
}
]
}
opensuse-su-2025:15019-1
Vulnerability from csaf_opensuse
Published
2025-04-23 00:00
Modified
2025-04-23 00:00
Summary
libxml2-2-2.13.8-1.1 on GA media
Notes
Title of the patch
libxml2-2-2.13.8-1.1 on GA media
Description of the patch
These are all security issues fixed in the libxml2-2-2.13.8-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15019
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libxml2-2-2.13.8-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libxml2-2-2.13.8-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15019",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15019-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:15019-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HN7F2PARWMCPSROOCFF3CWKQYVSIH4RA/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:15019-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HN7F2PARWMCPSROOCFF3CWKQYVSIH4RA/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-32414 page",
"url": "https://www.suse.com/security/cve/CVE-2025-32414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-32415 page",
"url": "https://www.suse.com/security/cve/CVE-2025-32415/"
}
],
"title": "libxml2-2-2.13.8-1.1 on GA media",
"tracking": {
"current_release_date": "2025-04-23T00:00:00Z",
"generator": {
"date": "2025-04-23T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15019-1",
"initial_release_date": "2025-04-23T00:00:00Z",
"revision_history": [
{
"date": "2025-04-23T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libxml2-2-2.13.8-1.1.aarch64",
"product": {
"name": "libxml2-2-2.13.8-1.1.aarch64",
"product_id": "libxml2-2-2.13.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libxml2-2-32bit-2.13.8-1.1.aarch64",
"product": {
"name": "libxml2-2-32bit-2.13.8-1.1.aarch64",
"product_id": "libxml2-2-32bit-2.13.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libxml2-devel-2.13.8-1.1.aarch64",
"product": {
"name": "libxml2-devel-2.13.8-1.1.aarch64",
"product_id": "libxml2-devel-2.13.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libxml2-devel-32bit-2.13.8-1.1.aarch64",
"product": {
"name": "libxml2-devel-32bit-2.13.8-1.1.aarch64",
"product_id": "libxml2-devel-32bit-2.13.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libxml2-doc-2.13.8-1.1.aarch64",
"product": {
"name": "libxml2-doc-2.13.8-1.1.aarch64",
"product_id": "libxml2-doc-2.13.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libxml2-tools-2.13.8-1.1.aarch64",
"product": {
"name": "libxml2-tools-2.13.8-1.1.aarch64",
"product_id": "libxml2-tools-2.13.8-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-2-2.13.8-1.1.ppc64le",
"product": {
"name": "libxml2-2-2.13.8-1.1.ppc64le",
"product_id": "libxml2-2-2.13.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libxml2-2-32bit-2.13.8-1.1.ppc64le",
"product": {
"name": "libxml2-2-32bit-2.13.8-1.1.ppc64le",
"product_id": "libxml2-2-32bit-2.13.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libxml2-devel-2.13.8-1.1.ppc64le",
"product": {
"name": "libxml2-devel-2.13.8-1.1.ppc64le",
"product_id": "libxml2-devel-2.13.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libxml2-devel-32bit-2.13.8-1.1.ppc64le",
"product": {
"name": "libxml2-devel-32bit-2.13.8-1.1.ppc64le",
"product_id": "libxml2-devel-32bit-2.13.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libxml2-doc-2.13.8-1.1.ppc64le",
"product": {
"name": "libxml2-doc-2.13.8-1.1.ppc64le",
"product_id": "libxml2-doc-2.13.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libxml2-tools-2.13.8-1.1.ppc64le",
"product": {
"name": "libxml2-tools-2.13.8-1.1.ppc64le",
"product_id": "libxml2-tools-2.13.8-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-2-2.13.8-1.1.s390x",
"product": {
"name": "libxml2-2-2.13.8-1.1.s390x",
"product_id": "libxml2-2-2.13.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libxml2-2-32bit-2.13.8-1.1.s390x",
"product": {
"name": "libxml2-2-32bit-2.13.8-1.1.s390x",
"product_id": "libxml2-2-32bit-2.13.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libxml2-devel-2.13.8-1.1.s390x",
"product": {
"name": "libxml2-devel-2.13.8-1.1.s390x",
"product_id": "libxml2-devel-2.13.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libxml2-devel-32bit-2.13.8-1.1.s390x",
"product": {
"name": "libxml2-devel-32bit-2.13.8-1.1.s390x",
"product_id": "libxml2-devel-32bit-2.13.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libxml2-doc-2.13.8-1.1.s390x",
"product": {
"name": "libxml2-doc-2.13.8-1.1.s390x",
"product_id": "libxml2-doc-2.13.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libxml2-tools-2.13.8-1.1.s390x",
"product": {
"name": "libxml2-tools-2.13.8-1.1.s390x",
"product_id": "libxml2-tools-2.13.8-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-2-2.13.8-1.1.x86_64",
"product": {
"name": "libxml2-2-2.13.8-1.1.x86_64",
"product_id": "libxml2-2-2.13.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libxml2-2-32bit-2.13.8-1.1.x86_64",
"product": {
"name": "libxml2-2-32bit-2.13.8-1.1.x86_64",
"product_id": "libxml2-2-32bit-2.13.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libxml2-devel-2.13.8-1.1.x86_64",
"product": {
"name": "libxml2-devel-2.13.8-1.1.x86_64",
"product_id": "libxml2-devel-2.13.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libxml2-devel-32bit-2.13.8-1.1.x86_64",
"product": {
"name": "libxml2-devel-32bit-2.13.8-1.1.x86_64",
"product_id": "libxml2-devel-32bit-2.13.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libxml2-doc-2.13.8-1.1.x86_64",
"product": {
"name": "libxml2-doc-2.13.8-1.1.x86_64",
"product_id": "libxml2-doc-2.13.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libxml2-tools-2.13.8-1.1.x86_64",
"product": {
"name": "libxml2-tools-2.13.8-1.1.x86_64",
"product_id": "libxml2-tools-2.13.8-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-2-2.13.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.aarch64"
},
"product_reference": "libxml2-2-2.13.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-2-2.13.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.ppc64le"
},
"product_reference": "libxml2-2-2.13.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-2-2.13.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.s390x"
},
"product_reference": "libxml2-2-2.13.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-2-2.13.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.x86_64"
},
"product_reference": "libxml2-2-2.13.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-2-32bit-2.13.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.aarch64"
},
"product_reference": "libxml2-2-32bit-2.13.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-2-32bit-2.13.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.ppc64le"
},
"product_reference": "libxml2-2-32bit-2.13.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-2-32bit-2.13.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.s390x"
},
"product_reference": "libxml2-2-32bit-2.13.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-2-32bit-2.13.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.x86_64"
},
"product_reference": "libxml2-2-32bit-2.13.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-2.13.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.aarch64"
},
"product_reference": "libxml2-devel-2.13.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-2.13.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.ppc64le"
},
"product_reference": "libxml2-devel-2.13.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-2.13.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.s390x"
},
"product_reference": "libxml2-devel-2.13.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-2.13.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.x86_64"
},
"product_reference": "libxml2-devel-2.13.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-32bit-2.13.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.aarch64"
},
"product_reference": "libxml2-devel-32bit-2.13.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-32bit-2.13.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.ppc64le"
},
"product_reference": "libxml2-devel-32bit-2.13.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-32bit-2.13.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.s390x"
},
"product_reference": "libxml2-devel-32bit-2.13.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-32bit-2.13.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.x86_64"
},
"product_reference": "libxml2-devel-32bit-2.13.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-doc-2.13.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.aarch64"
},
"product_reference": "libxml2-doc-2.13.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-doc-2.13.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.ppc64le"
},
"product_reference": "libxml2-doc-2.13.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-doc-2.13.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.s390x"
},
"product_reference": "libxml2-doc-2.13.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-doc-2.13.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.x86_64"
},
"product_reference": "libxml2-doc-2.13.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-tools-2.13.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.aarch64"
},
"product_reference": "libxml2-tools-2.13.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-tools-2.13.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.ppc64le"
},
"product_reference": "libxml2-tools-2.13.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-tools-2.13.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.s390x"
},
"product_reference": "libxml2-tools-2.13.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-tools-2.13.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.x86_64"
},
"product_reference": "libxml2-tools-2.13.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-32414"
}
],
"notes": [
{
"category": "general",
"text": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-32414",
"url": "https://www.suse.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "SUSE Bug 1241551 for CVE-2025-32414",
"url": "https://bugzilla.suse.com/1241551"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-32414"
},
{
"cve": "CVE-2025-32415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-32415"
}
],
"notes": [
{
"category": "general",
"text": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-32415",
"url": "https://www.suse.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "SUSE Bug 1241453 for CVE-2025-32415",
"url": "https://bugzilla.suse.com/1241453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-2-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-2-32bit-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-devel-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-devel-32bit-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-doc-2.13.8-1.1.x86_64",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.aarch64",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.ppc64le",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.s390x",
"openSUSE Tumbleweed:libxml2-tools-2.13.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-23T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-32415"
}
]
}
rhsa-2025:14858
Vulnerability from csaf_redhat
Published
2025-09-04 17:05
Modified
2025-10-16 08:44
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.16.47 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.16.47 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.16.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.16.47. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHBA-2025:14854
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/
Security Fix(es):
* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in
xmlAttrPtr (CVE-2025-7425)
* git: Git arbitrary code execution (CVE-2025-48384)
* git: Git arbitrary file writes (CVE-2025-48385)
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
(CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.16 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.16.47 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\n This release includes a security update for Red Hat OpenShift Container\nPlatform 4.16.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.16.47. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHBA-2025:14854\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nSecurity Fix(es):\n\n* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in\nxmlAttrPtr (CVE-2025-7425)\n* git: Git arbitrary code execution (CVE-2025-48384)\n* git: Git arbitrary file writes (CVE-2025-48385)\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables\n(CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14858",
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14858.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.16.47 bug fix and security update",
"tracking": {
"current_release_date": "2025-10-16T08:44:45+00:00",
"generator": {
"date": "2025-10-16T08:44:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:14858",
"initial_release_date": "2025-09-04T17:05:36+00:00",
"revision_history": [
{
"date": "2025-09-04T17:05:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-04T17:05:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-16T08:44:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.16",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16",
"product_id": "Red Hat OpenShift Container Platform 4.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.16::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.16"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:36+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b2d8af25d1a0440fce3e16a7d5481a228c29bdf7510f9c2bbef241e495004992\n\n (For s390x architecture)\n The image digest is sha256:b8fa63beeecb258529d2b8b22fdd90ef4846691c8e41aaff2d02279d72563a25\n\n (For ppc64le architecture)\n The image digest is sha256:6847316b4a13f663f32227107ae23f31a223dcc3b7d1718da837b8a539e97212\n\n (For aarch64 architecture)\n The image digest is sha256:6a66ef4370c883267c500672f7c9b53293a431049fd0ec2496c9ab5ecdcc0ce5\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.16"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.16"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.16"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a succesful exploitation of this bug requires local access, on top of that the path to exploiation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and charcters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by redhat.\n\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-393: Return of Wrong Status Code vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational needs, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect and respond to threats in real time, helping prevent or limit exploitation attempts. Robust input validation and error handling ensure all user inputs are thoroughly validated, supporting consistent and secure system responses.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.16"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:36+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b2d8af25d1a0440fce3e16a7d5481a228c29bdf7510f9c2bbef241e495004992\n\n (For s390x architecture)\n The image digest is sha256:b8fa63beeecb258529d2b8b22fdd90ef4846691c8e41aaff2d02279d72563a25\n\n (For ppc64le architecture)\n The image digest is sha256:6847316b4a13f663f32227107ae23f31a223dcc3b7d1718da837b8a539e97212\n\n (For aarch64 architecture)\n The image digest is sha256:6a66ef4370c883267c500672f7c9b53293a431049fd0ec2496c9ab5ecdcc0ce5\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.16"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.16"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.16"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.16"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:36+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b2d8af25d1a0440fce3e16a7d5481a228c29bdf7510f9c2bbef241e495004992\n\n (For s390x architecture)\n The image digest is sha256:b8fa63beeecb258529d2b8b22fdd90ef4846691c8e41aaff2d02279d72563a25\n\n (For ppc64le architecture)\n The image digest is sha256:6847316b4a13f663f32227107ae23f31a223dcc3b7d1718da837b8a539e97212\n\n (For aarch64 architecture)\n The image digest is sha256:6a66ef4370c883267c500672f7c9b53293a431049fd0ec2496c9ab5ecdcc0ce5\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.16"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.16"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.16"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
},
{
"cve": "CVE-2025-48384",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-07-08T19:00:48.297925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378806"
}
],
"notes": [
{
"category": "description",
"text": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important and not Moderate flaw because it undermines Git\u2019s path and config integrity by allowing carriage return (\\r) injection to manipulate submodule checkout behavior. Git previously failed to quote config values containing trailing CR, causing the value to be misinterpreted when read back. In the context of submodules, this leads to incorrect path resolution, allowing an attacker to redirect the checkout path via a symlink to a sensitive directory like .git/modules/\u003csubmodule\u003e/hooks. If an executable post-checkout hook exists there, it could be inadvertently executed, resulting in arbitrary code execution during submodule operations. This is particularly dangerous in automated CI/CD pipelines or multi-repo projects where submodules are initialized or updated without manual inspection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.16"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48384"
},
{
"category": "external",
"summary": "RHBZ#2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
},
{
"category": "external",
"summary": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384",
"url": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384"
},
{
"category": "external",
"summary": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89",
"url": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-07-08T18:23:48.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:36+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b2d8af25d1a0440fce3e16a7d5481a228c29bdf7510f9c2bbef241e495004992\n\n (For s390x architecture)\n The image digest is sha256:b8fa63beeecb258529d2b8b22fdd90ef4846691c8e41aaff2d02279d72563a25\n\n (For ppc64le architecture)\n The image digest is sha256:6847316b4a13f663f32227107ae23f31a223dcc3b7d1718da837b8a539e97212\n\n (For aarch64 architecture)\n The image digest is sha256:6a66ef4370c883267c500672f7c9b53293a431049fd0ec2496c9ab5ecdcc0ce5\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.16"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using --recurse-submodules when cloning repositories from untrusted sources; instead, clone normally and only initialize or update submodules manually after reviewing them.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.16"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.16"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-08-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary code execution"
},
{
"cve": "CVE-2025-48385",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:55.106787+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378808"
}
],
"notes": [
{
"category": "description",
"text": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary file writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than a Moderate flaw because it enables protocol injection at the transport layer of Git\u0027s bundle-uri mechanism, allowing a remote server to manipulate how and where data is written on the client system during a clone operation. The lack of input sanitization on user-controlled values like the URI and target path means that malformed inputs containing spaces or newlines can break protocol framing, leading to arbitrary file writes. In scenarios such as CI pipelines, developer environments, or recursive clones with submodules, an attacker can exploit this to overwrite critical files or inject malicious content, potentially achieving remote code execution (RCE).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.16"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48385"
},
{
"category": "external",
"summary": "RHBZ#2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655",
"url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"
}
],
"release_date": "2025-07-08T18:23:44.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:36+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b2d8af25d1a0440fce3e16a7d5481a228c29bdf7510f9c2bbef241e495004992\n\n (For s390x architecture)\n The image digest is sha256:b8fa63beeecb258529d2b8b22fdd90ef4846691c8e41aaff2d02279d72563a25\n\n (For ppc64le architecture)\n The image digest is sha256:6847316b4a13f663f32227107ae23f31a223dcc3b7d1718da837b8a539e97212\n\n (For aarch64 architecture)\n The image digest is sha256:6a66ef4370c883267c500672f7c9b53293a431049fd0ec2496c9ab5ecdcc0ce5\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.16"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.16"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.16"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary file writes"
}
]
}
rhsa-2025:13684
Vulnerability from csaf_redhat
Published
2025-08-12 12:25
Modified
2025-10-10 17:37
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libxml2 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13684",
"url": "https://access.redhat.com/errata/RHSA-2025:13684"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13684.json"
}
],
"title": "Red Hat Security Advisory: libxml2 security update",
"tracking": {
"current_release_date": "2025-10-10T17:37:14+00:00",
"generator": {
"date": "2025-10-10T17:37:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:13684",
"initial_release_date": "2025-08-12T12:25:23+00:00",
"revision_history": [
{
"date": "2025-08-12T12:25:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-12T12:25:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-10T17:37:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.0::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-1.el9_0.7.src",
"product": {
"name": "libxml2-0:2.9.13-1.el9_0.7.src",
"product_id": "libxml2-0:2.9.13-1.el9_0.7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-1.el9_0.7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-1.el9_0.7.aarch64",
"product": {
"name": "libxml2-0:2.9.13-1.el9_0.7.aarch64",
"product_id": "libxml2-0:2.9.13-1.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-1.el9_0.7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"product": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"product_id": "python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-1.el9_0.7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"product": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"product_id": "libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-1.el9_0.7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"product_id": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-1.el9_0.7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-1.el9_0.7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"product": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"product_id": "libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-1.el9_0.7?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"product": {
"name": "libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"product_id": "libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-1.el9_0.7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"product": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"product_id": "python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-1.el9_0.7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"product": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"product_id": "libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-1.el9_0.7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"product_id": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-1.el9_0.7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-1.el9_0.7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"product": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"product_id": "libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-1.el9_0.7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-1.el9_0.7.i686",
"product": {
"name": "libxml2-0:2.9.13-1.el9_0.7.i686",
"product_id": "libxml2-0:2.9.13-1.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-1.el9_0.7?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"product": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"product_id": "libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-1.el9_0.7?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"product_id": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-1.el9_0.7?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-1.el9_0.7?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"product": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"product_id": "libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-1.el9_0.7?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-1.el9_0.7.x86_64",
"product": {
"name": "libxml2-0:2.9.13-1.el9_0.7.x86_64",
"product_id": "libxml2-0:2.9.13-1.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-1.el9_0.7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"product": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"product_id": "python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-1.el9_0.7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"product": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"product_id": "libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-1.el9_0.7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"product_id": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-1.el9_0.7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-1.el9_0.7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"product": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"product_id": "libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-1.el9_0.7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-1.el9_0.7.s390x",
"product": {
"name": "libxml2-0:2.9.13-1.el9_0.7.s390x",
"product_id": "libxml2-0:2.9.13-1.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-1.el9_0.7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"product": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"product_id": "python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-1.el9_0.7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"product": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"product_id": "libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-1.el9_0.7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"product_id": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-1.el9_0.7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-1.el9_0.7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"product": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"product_id": "libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-1.el9_0.7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.src",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a succesful exploitation of this bug requires local access, on top of that the path to exploiation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and charcters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by redhat.\n\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-393: Return of Wrong Status Code vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational needs, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect and respond to threats in real time, helping prevent or limit exploitation attempts. Robust input validation and error handling ensure all user inputs are thoroughly validated, supporting consistent and secure system responses.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-12T12:25:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13684"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-12T12:25:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13684"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
rhsa-2025:14818
Vulnerability from csaf_redhat
Published
2025-09-04 17:03
Modified
2025-10-16 08:44
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.18.23 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.18.23 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.18.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.18.23. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2025:14816
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/
Security Fix(es):
* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.18.23 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.18.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.18.23. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2025:14816\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nSecurity Fix(es):\n\n* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14818",
"url": "https://access.redhat.com/errata/RHSA-2025:14818"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "OCPBUGS-54598",
"url": "https://issues.redhat.com/browse/OCPBUGS-54598"
},
{
"category": "external",
"summary": "OCPBUGS-60201",
"url": "https://issues.redhat.com/browse/OCPBUGS-60201"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14818.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.18.23 bug fix and security update",
"tracking": {
"current_release_date": "2025-10-16T08:44:44+00:00",
"generator": {
"date": "2025-10-16T08:44:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:14818",
"initial_release_date": "2025-09-04T17:03:51+00:00",
"revision_history": [
{
"date": "2025-09-04T17:03:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-04T17:03:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-16T08:44:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.18",
"product": {
"name": "Red Hat OpenShift Container Platform 4.18",
"product_id": "Red Hat OpenShift Container Platform 4.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.18::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.18"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:03:51+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata or x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:0bf2e8c1edf16de717c330b94d85f6d463c7208956b0a545cbb3fcf715e14c38\n\n (For s390x architecture)\n The image digest is sha256:893ccb2c14b7d7051cbe36098fd1f5655685e4798e0e5dfef7848ed40c8defde\n\n (For ppc64le architecture)\n The image digest is sha256:0833db4c468d81168bb43c46ad0f1af1cf7966b39fa3e2b519725cf96a784c3a\n\n (For aarch64 architecture)\n The image digest is sha256:aac369ac9c41f62395ec14d2ea7d8a577a5dcc796c5f2bdf0c615ff58bbeb76b\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.18"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14818"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.18"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.18"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a succesful exploitation of this bug requires local access, on top of that the path to exploiation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and charcters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by redhat.\n\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-393: Return of Wrong Status Code vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational needs, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect and respond to threats in real time, helping prevent or limit exploitation attempts. Robust input validation and error handling ensure all user inputs are thoroughly validated, supporting consistent and secure system responses.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.18"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:03:51+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata or x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:0bf2e8c1edf16de717c330b94d85f6d463c7208956b0a545cbb3fcf715e14c38\n\n (For s390x architecture)\n The image digest is sha256:893ccb2c14b7d7051cbe36098fd1f5655685e4798e0e5dfef7848ed40c8defde\n\n (For ppc64le architecture)\n The image digest is sha256:0833db4c468d81168bb43c46ad0f1af1cf7966b39fa3e2b519725cf96a784c3a\n\n (For aarch64 architecture)\n The image digest is sha256:aac369ac9c41f62395ec14d2ea7d8a577a5dcc796c5f2bdf0c615ff58bbeb76b\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.18"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14818"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.18"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.18"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.18"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:03:51+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata or x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:0bf2e8c1edf16de717c330b94d85f6d463c7208956b0a545cbb3fcf715e14c38\n\n (For s390x architecture)\n The image digest is sha256:893ccb2c14b7d7051cbe36098fd1f5655685e4798e0e5dfef7848ed40c8defde\n\n (For ppc64le architecture)\n The image digest is sha256:0833db4c468d81168bb43c46ad0f1af1cf7966b39fa3e2b519725cf96a784c3a\n\n (For aarch64 architecture)\n The image digest is sha256:aac369ac9c41f62395ec14d2ea7d8a577a5dcc796c5f2bdf0c615ff58bbeb76b\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.18"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14818"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.18"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.18"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
rhsa-2025:14644
Vulnerability from csaf_redhat
Published
2025-08-26 15:51
Modified
2025-10-22 06:21
Summary
Red Hat Security Advisory: Insights proxy Container Image
Notes
Topic
Initial GA Release of Red Hat Insights proxy
Details
The Insights proxy Container is used by the Insights proxy product RPM and serves as an intermediary between cystomer systems in disconnected networks, air-gapped systems or systems with no outside connections and Insights.
The Insights proxy routes all Red Hat Insights traffic through itself, providing a layer of privary and security for disconnected customer systems.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Initial GA Release of Red Hat Insights proxy",
"title": "Topic"
},
{
"category": "general",
"text": "The Insights proxy Container is used by the Insights proxy product RPM and serves as an intermediary between cystomer systems in disconnected networks, air-gapped systems or systems with no outside connections and Insights.\nThe Insights proxy routes all Red Hat Insights traffic through itself, providing a layer of privary and security for disconnected customer systems.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14644",
"url": "https://access.redhat.com/errata/RHSA-2025:14644"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32414",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32415",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5914",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14644.json"
}
],
"title": "Red Hat Security Advisory: Insights proxy Container Image",
"tracking": {
"current_release_date": "2025-10-22T06:21:54+00:00",
"generator": {
"date": "2025-10-22T06:21:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:14644",
"initial_release_date": "2025-08-26T15:51:25+00:00",
"revision_history": [
{
"date": "2025-08-26T15:51:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-26T15:51:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-22T06:21:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Insights proxy 1.5",
"product": {
"name": "Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:insights_proxy:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Insights proxy"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3A3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec?arch=amd64\u0026repository_url=registry.redhat.io/insights-proxy\u0026tag=1.5.6-1756187445"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3Ab7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652?arch=arm64\u0026repository_url=registry.redhat.io/insights-proxy\u0026tag=1.5.6-1756187445"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-26T15:51:25+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat Insights proxy product RPM.\nBefore applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14644"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a succesful exploitation of this bug requires local access, on top of that the path to exploiation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and charcters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by redhat.\n\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-393: Return of Wrong Status Code vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational needs, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect and respond to threats in real time, helping prevent or limit exploitation attempts. Robust input validation and error handling ensure all user inputs are thoroughly validated, supporting consistent and secure system responses.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-26T15:51:25+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat Insights proxy product RPM.\nBefore applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14644"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-26T15:51:25+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat Insights proxy product RPM.\nBefore applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14644"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
rhsa-2025:14853
Vulnerability from csaf_redhat
Published
2025-09-04 17:05
Modified
2025-10-16 08:44
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.14.56 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.14.56 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.14.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.14.56. There are no RPM packages for this release.
release:
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/release_notes/
Security Fix(es):
* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in
xmlAttrPtr (CVE-2025-7425)
* git: Git arbitrary code execution (CVE-2025-48384)
* git: Git arbitrary file writes (CVE-2025-48385)
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
(CVE-2025-32415)
* jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute
(jv_string_vfmt) (CVE-2025-48060)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.14 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.14.56 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\n This release includes a security update for Red Hat OpenShift Container\nPlatform 4.14.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.14.56. There are no RPM packages for this release.\nrelease:\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/release_notes/\n\nSecurity Fix(es):\n\n* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in\nxmlAttrPtr (CVE-2025-7425)\n* git: Git arbitrary code execution (CVE-2025-48384)\n* git: Git arbitrary file writes (CVE-2025-48385)\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables\n(CVE-2025-32415)\n* jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute\n(jv_string_vfmt) (CVE-2025-48060)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.14 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14853",
"url": "https://access.redhat.com/errata/RHSA-2025:14853"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2367842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367842"
},
{
"category": "external",
"summary": "2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14853.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.14.56 bug fix and security update",
"tracking": {
"current_release_date": "2025-10-16T08:44:45+00:00",
"generator": {
"date": "2025-10-16T08:44:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:14853",
"initial_release_date": "2025-09-04T17:05:30+00:00",
"revision_history": [
{
"date": "2025-09-04T17:05:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-04T17:05:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-16T08:44:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.14",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14",
"product_id": "Red Hat OpenShift Container Platform 4.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.14::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:30+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:5f0204b0de50a408dc8b52f568e90aef6b3266ee8d22a77c1b34ceefb2b00f14\n\n (For s390x architecture)\n The image digest is sha256:758be0c12f06fadff01eb06d514ed48c306679706b3a82b72a2943f211003a7b\n\n (For ppc64le architecture)\n The image digest is sha256:9d022cdb3929572745d9b77d9f27e29fcc8ff5c7c5d04b404e81600601e7d6c7\n\n (For aarch64 architecture)\n The image digest is sha256:c75cf7a5560e7352860dcf9ae8f115a7ce7b45ca05744d65af7513ce4913ea7d\n\nAll OpenShift Container Platform 4.14 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14853"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.14"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a succesful exploitation of this bug requires local access, on top of that the path to exploiation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and charcters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by redhat.\n\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-393: Return of Wrong Status Code vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational needs, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect and respond to threats in real time, helping prevent or limit exploitation attempts. Robust input validation and error handling ensure all user inputs are thoroughly validated, supporting consistent and secure system responses.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:30+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:5f0204b0de50a408dc8b52f568e90aef6b3266ee8d22a77c1b34ceefb2b00f14\n\n (For s390x architecture)\n The image digest is sha256:758be0c12f06fadff01eb06d514ed48c306679706b3a82b72a2943f211003a7b\n\n (For ppc64le architecture)\n The image digest is sha256:9d022cdb3929572745d9b77d9f27e29fcc8ff5c7c5d04b404e81600601e7d6c7\n\n (For aarch64 architecture)\n The image digest is sha256:c75cf7a5560e7352860dcf9ae8f115a7ce7b45ca05744d65af7513ce4913ea7d\n\nAll OpenShift Container Platform 4.14 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14853"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.14"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:30+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:5f0204b0de50a408dc8b52f568e90aef6b3266ee8d22a77c1b34ceefb2b00f14\n\n (For s390x architecture)\n The image digest is sha256:758be0c12f06fadff01eb06d514ed48c306679706b3a82b72a2943f211003a7b\n\n (For ppc64le architecture)\n The image digest is sha256:9d022cdb3929572745d9b77d9f27e29fcc8ff5c7c5d04b404e81600601e7d6c7\n\n (For aarch64 architecture)\n The image digest is sha256:c75cf7a5560e7352860dcf9ae8f115a7ce7b45ca05744d65af7513ce4913ea7d\n\nAll OpenShift Container Platform 4.14 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14853"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.14"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
},
{
"cve": "CVE-2025-48060",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"discovery_date": "2025-05-21T18:00:55.721838+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367842"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing a specially crafted JSON input, allowing an attacker to trigger a buffer over-read of 2 bytes and cause a crash in jq with no other security impact. Due to these reasons, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-126: Buffer Over-read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nMemory access boundaries are enforced through secure coding practices, including bounds checking and automated detection of over-read conditions during development. Static analysis and peer reviews catch improper memory handling early, reducing the risk of vulnerabilities reaching production. Memory protection mechanisms restrict access to allocated regions at runtime, and process isolation contains memory faults within the affected workload. Additionally, a defense-in-depth monitoring strategy supports real-time detection of anomalous memory activity, enabling rapid response and limiting potential impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48060"
},
{
"category": "external",
"summary": "RHBZ#2367842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48060"
},
{
"category": "external",
"summary": "https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w",
"url": "https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w"
}
],
"release_date": "2025-05-21T17:32:43.602000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:30+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:5f0204b0de50a408dc8b52f568e90aef6b3266ee8d22a77c1b34ceefb2b00f14\n\n (For s390x architecture)\n The image digest is sha256:758be0c12f06fadff01eb06d514ed48c306679706b3a82b72a2943f211003a7b\n\n (For ppc64le architecture)\n The image digest is sha256:9d022cdb3929572745d9b77d9f27e29fcc8ff5c7c5d04b404e81600601e7d6c7\n\n (For aarch64 architecture)\n The image digest is sha256:c75cf7a5560e7352860dcf9ae8f115a7ce7b45ca05744d65af7513ce4913ea7d\n\nAll OpenShift Container Platform 4.14 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14853"
},
{
"category": "workaround",
"details": "Do not process untrusted input with the jq command line JSON processor.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.14"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)"
},
{
"cve": "CVE-2025-48384",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-07-08T19:00:48.297925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378806"
}
],
"notes": [
{
"category": "description",
"text": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important and not Moderate flaw because it undermines Git\u2019s path and config integrity by allowing carriage return (\\r) injection to manipulate submodule checkout behavior. Git previously failed to quote config values containing trailing CR, causing the value to be misinterpreted when read back. In the context of submodules, this leads to incorrect path resolution, allowing an attacker to redirect the checkout path via a symlink to a sensitive directory like .git/modules/\u003csubmodule\u003e/hooks. If an executable post-checkout hook exists there, it could be inadvertently executed, resulting in arbitrary code execution during submodule operations. This is particularly dangerous in automated CI/CD pipelines or multi-repo projects where submodules are initialized or updated without manual inspection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48384"
},
{
"category": "external",
"summary": "RHBZ#2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
},
{
"category": "external",
"summary": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384",
"url": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384"
},
{
"category": "external",
"summary": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89",
"url": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-07-08T18:23:48.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:30+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:5f0204b0de50a408dc8b52f568e90aef6b3266ee8d22a77c1b34ceefb2b00f14\n\n (For s390x architecture)\n The image digest is sha256:758be0c12f06fadff01eb06d514ed48c306679706b3a82b72a2943f211003a7b\n\n (For ppc64le architecture)\n The image digest is sha256:9d022cdb3929572745d9b77d9f27e29fcc8ff5c7c5d04b404e81600601e7d6c7\n\n (For aarch64 architecture)\n The image digest is sha256:c75cf7a5560e7352860dcf9ae8f115a7ce7b45ca05744d65af7513ce4913ea7d\n\nAll OpenShift Container Platform 4.14 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14853"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using --recurse-submodules when cloning repositories from untrusted sources; instead, clone normally and only initialize or update submodules manually after reviewing them.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.14"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.14"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-08-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary code execution"
},
{
"cve": "CVE-2025-48385",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:55.106787+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378808"
}
],
"notes": [
{
"category": "description",
"text": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary file writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than a Moderate flaw because it enables protocol injection at the transport layer of Git\u0027s bundle-uri mechanism, allowing a remote server to manipulate how and where data is written on the client system during a clone operation. The lack of input sanitization on user-controlled values like the URI and target path means that malformed inputs containing spaces or newlines can break protocol framing, leading to arbitrary file writes. In scenarios such as CI pipelines, developer environments, or recursive clones with submodules, an attacker can exploit this to overwrite critical files or inject malicious content, potentially achieving remote code execution (RCE).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48385"
},
{
"category": "external",
"summary": "RHBZ#2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655",
"url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"
}
],
"release_date": "2025-07-08T18:23:44.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:30+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:5f0204b0de50a408dc8b52f568e90aef6b3266ee8d22a77c1b34ceefb2b00f14\n\n (For s390x architecture)\n The image digest is sha256:758be0c12f06fadff01eb06d514ed48c306679706b3a82b72a2943f211003a7b\n\n (For ppc64le architecture)\n The image digest is sha256:9d022cdb3929572745d9b77d9f27e29fcc8ff5c7c5d04b404e81600601e7d6c7\n\n (For aarch64 architecture)\n The image digest is sha256:c75cf7a5560e7352860dcf9ae8f115a7ce7b45ca05744d65af7513ce4913ea7d\n\nAll OpenShift Container Platform 4.14 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14853"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.14"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary file writes"
}
]
}
rhsa-2025:14059
Vulnerability from csaf_redhat
Published
2025-08-27 21:46
Modified
2025-10-16 08:44
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.17.38 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.17.38 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.17.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.17.38. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2025:13976
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/
Security Fix(es):
* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)
* git: Git arbitrary code execution (CVE-2025-48384)
* git: Git arbitrary file writes (CVE-2025-48385)
* libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 (CVE-2025-6021)
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.17.38 is now available with updates to packages and images that fix several bugs and add enhancements.\n\n This release includes a security update for Red Hat OpenShift Container Platform 4.17.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.17.38. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2025:13976\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nSecurity Fix(es):\n\n* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)\n* git: Git arbitrary code execution (CVE-2025-48384)\n* git: Git arbitrary file writes (CVE-2025-48385)\n* libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 (CVE-2025-6021)\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14059",
"url": "https://access.redhat.com/errata/RHSA-2025:14059"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "2372406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
},
{
"category": "external",
"summary": "2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "OCPBUGS-54599",
"url": "https://issues.redhat.com/browse/OCPBUGS-54599"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14059.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.17.38 bug fix and security update",
"tracking": {
"current_release_date": "2025-10-16T08:44:40+00:00",
"generator": {
"date": "2025-10-16T08:44:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:14059",
"initial_release_date": "2025-08-27T21:46:50+00:00",
"revision_history": [
{
"date": "2025-08-27T21:46:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-27T21:46:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-16T08:44:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.17",
"product": {
"name": "Red Hat OpenShift Container Platform 4.17",
"product_id": "Red Hat OpenShift Container Platform 4.17",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.17::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ahmed Lekssays"
]
}
],
"cve": "CVE-2025-6021",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-12T07:55:45.428000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372406"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2\u0027s xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate due to the lack of confidentiality impact and limited integrity concerns, with the main risk being potential denial-of-service from a crash. Exploitation requires crafted XML input and specific application behavior using xmlBuildQName. While it\u2019s a write overflow, modern mitigations make remote code execution unlikely.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.17"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6021"
},
{
"category": "external",
"summary": "RHBZ#2372406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021"
}
],
"release_date": "2025-06-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-27T21:46:50+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:fea49ae633643615f8707ecbe801b484181b87db0746d2d85592768dbddf43c9\n\n (For s390x architecture)\n The image digest is sha256:d3e9032b799e87cc82121c9da006d375845134120205fa2aa2edca033abf97d3\n\n (For ppc64le architecture)\n The image digest is sha256:6c6251666a8e89289819cdb9dd7269d1ab2d90fdcb96c2b15b2e04908d15fd88\n\n (For aarch64 architecture)\n The image digest is sha256:3b83546dc680f6e3975faf101471c4e29fdc76f406327665e22f63ff406246c0\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.17"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14059"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Users are strongly advised to apply vendor-supplied patches as soon as they become available to address the underlying integer overflow flaw in the affected code.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.17"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.17"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.17"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-27T21:46:50+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:fea49ae633643615f8707ecbe801b484181b87db0746d2d85592768dbddf43c9\n\n (For s390x architecture)\n The image digest is sha256:d3e9032b799e87cc82121c9da006d375845134120205fa2aa2edca033abf97d3\n\n (For ppc64le architecture)\n The image digest is sha256:6c6251666a8e89289819cdb9dd7269d1ab2d90fdcb96c2b15b2e04908d15fd88\n\n (For aarch64 architecture)\n The image digest is sha256:3b83546dc680f6e3975faf101471c4e29fdc76f406327665e22f63ff406246c0\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.17"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14059"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.17"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.17"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a succesful exploitation of this bug requires local access, on top of that the path to exploiation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and charcters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by redhat.\n\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-393: Return of Wrong Status Code vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational needs, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect and respond to threats in real time, helping prevent or limit exploitation attempts. Robust input validation and error handling ensure all user inputs are thoroughly validated, supporting consistent and secure system responses.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.17"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-27T21:46:50+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:fea49ae633643615f8707ecbe801b484181b87db0746d2d85592768dbddf43c9\n\n (For s390x architecture)\n The image digest is sha256:d3e9032b799e87cc82121c9da006d375845134120205fa2aa2edca033abf97d3\n\n (For ppc64le architecture)\n The image digest is sha256:6c6251666a8e89289819cdb9dd7269d1ab2d90fdcb96c2b15b2e04908d15fd88\n\n (For aarch64 architecture)\n The image digest is sha256:3b83546dc680f6e3975faf101471c4e29fdc76f406327665e22f63ff406246c0\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.17"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14059"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.17"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.17"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.17"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-27T21:46:50+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:fea49ae633643615f8707ecbe801b484181b87db0746d2d85592768dbddf43c9\n\n (For s390x architecture)\n The image digest is sha256:d3e9032b799e87cc82121c9da006d375845134120205fa2aa2edca033abf97d3\n\n (For ppc64le architecture)\n The image digest is sha256:6c6251666a8e89289819cdb9dd7269d1ab2d90fdcb96c2b15b2e04908d15fd88\n\n (For aarch64 architecture)\n The image digest is sha256:3b83546dc680f6e3975faf101471c4e29fdc76f406327665e22f63ff406246c0\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.17"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14059"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.17"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.17"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
},
{
"cve": "CVE-2025-48384",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-07-08T19:00:48.297925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378806"
}
],
"notes": [
{
"category": "description",
"text": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important and not Moderate flaw because it undermines Git\u2019s path and config integrity by allowing carriage return (\\r) injection to manipulate submodule checkout behavior. Git previously failed to quote config values containing trailing CR, causing the value to be misinterpreted when read back. In the context of submodules, this leads to incorrect path resolution, allowing an attacker to redirect the checkout path via a symlink to a sensitive directory like .git/modules/\u003csubmodule\u003e/hooks. If an executable post-checkout hook exists there, it could be inadvertently executed, resulting in arbitrary code execution during submodule operations. This is particularly dangerous in automated CI/CD pipelines or multi-repo projects where submodules are initialized or updated without manual inspection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.17"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48384"
},
{
"category": "external",
"summary": "RHBZ#2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
},
{
"category": "external",
"summary": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384",
"url": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384"
},
{
"category": "external",
"summary": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89",
"url": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-07-08T18:23:48.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-27T21:46:50+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:fea49ae633643615f8707ecbe801b484181b87db0746d2d85592768dbddf43c9\n\n (For s390x architecture)\n The image digest is sha256:d3e9032b799e87cc82121c9da006d375845134120205fa2aa2edca033abf97d3\n\n (For ppc64le architecture)\n The image digest is sha256:6c6251666a8e89289819cdb9dd7269d1ab2d90fdcb96c2b15b2e04908d15fd88\n\n (For aarch64 architecture)\n The image digest is sha256:3b83546dc680f6e3975faf101471c4e29fdc76f406327665e22f63ff406246c0\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.17"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14059"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using --recurse-submodules when cloning repositories from untrusted sources; instead, clone normally and only initialize or update submodules manually after reviewing them.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.17"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.17"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-08-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary code execution"
},
{
"cve": "CVE-2025-48385",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:55.106787+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378808"
}
],
"notes": [
{
"category": "description",
"text": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary file writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than a Moderate flaw because it enables protocol injection at the transport layer of Git\u0027s bundle-uri mechanism, allowing a remote server to manipulate how and where data is written on the client system during a clone operation. The lack of input sanitization on user-controlled values like the URI and target path means that malformed inputs containing spaces or newlines can break protocol framing, leading to arbitrary file writes. In scenarios such as CI pipelines, developer environments, or recursive clones with submodules, an attacker can exploit this to overwrite critical files or inject malicious content, potentially achieving remote code execution (RCE).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.17"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48385"
},
{
"category": "external",
"summary": "RHBZ#2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655",
"url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"
}
],
"release_date": "2025-07-08T18:23:44.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-27T21:46:50+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:fea49ae633643615f8707ecbe801b484181b87db0746d2d85592768dbddf43c9\n\n (For s390x architecture)\n The image digest is sha256:d3e9032b799e87cc82121c9da006d375845134120205fa2aa2edca033abf97d3\n\n (For ppc64le architecture)\n The image digest is sha256:6c6251666a8e89289819cdb9dd7269d1ab2d90fdcb96c2b15b2e04908d15fd88\n\n (For aarch64 architecture)\n The image digest is sha256:3b83546dc680f6e3975faf101471c4e29fdc76f406327665e22f63ff406246c0\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.17"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14059"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.17"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.17"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary file writes"
}
]
}
rhsa-2025:15308
Vulnerability from csaf_redhat
Published
2025-09-11 12:02
Modified
2025-10-16 08:44
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.12.80 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.12.80 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.12.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.80. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2025:15307
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes
Security Fix(es):
* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)
* git: Git arbitrary code execution (CVE-2025-48384)
* libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 (CVE-2025-6021)
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.12.80 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.12.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.12.80. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2025:15307\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nSecurity Fix(es):\n\n* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)\n* git: Git arbitrary code execution (CVE-2025-48384)\n* libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 (CVE-2025-6021)\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15308",
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "2372406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
},
{
"category": "external",
"summary": "2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15308.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.12.80 bug fix and security update",
"tracking": {
"current_release_date": "2025-10-16T08:44:49+00:00",
"generator": {
"date": "2025-10-16T08:44:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:15308",
"initial_release_date": "2025-09-11T12:02:09+00:00",
"revision_history": [
{
"date": "2025-09-11T12:02:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-11T12:02:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-16T08:44:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.12",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12",
"product_id": "Red Hat OpenShift Container Platform 4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ahmed Lekssays"
]
}
],
"cve": "CVE-2025-6021",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-12T07:55:45.428000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372406"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2\u0027s xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate due to the lack of confidentiality impact and limited integrity concerns, with the main risk being potential denial-of-service from a crash. Exploitation requires crafted XML input and specific application behavior using xmlBuildQName. While it\u2019s a write overflow, modern mitigations make remote code execution unlikely.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6021"
},
{
"category": "external",
"summary": "RHBZ#2372406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021"
}
],
"release_date": "2025-06-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T12:02:09+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous erratamupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:7c5f757b5d3d2048052401dd057f3096890b4075ca9b86b5f890a8e4c6d38b85\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Users are strongly advised to apply vendor-supplied patches as soon as they become available to address the underlying integer overflow flaw in the affected code.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.12"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T12:02:09+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous erratamupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:7c5f757b5d3d2048052401dd057f3096890b4075ca9b86b5f890a8e4c6d38b85\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.12"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a succesful exploitation of this bug requires local access, on top of that the path to exploiation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and charcters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by redhat.\n\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-393: Return of Wrong Status Code vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational needs, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect and respond to threats in real time, helping prevent or limit exploitation attempts. Robust input validation and error handling ensure all user inputs are thoroughly validated, supporting consistent and secure system responses.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T12:02:09+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous erratamupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:7c5f757b5d3d2048052401dd057f3096890b4075ca9b86b5f890a8e4c6d38b85\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.12"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T12:02:09+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous erratamupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:7c5f757b5d3d2048052401dd057f3096890b4075ca9b86b5f890a8e4c6d38b85\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.12"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
},
{
"cve": "CVE-2025-48384",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-07-08T19:00:48.297925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378806"
}
],
"notes": [
{
"category": "description",
"text": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important and not Moderate flaw because it undermines Git\u2019s path and config integrity by allowing carriage return (\\r) injection to manipulate submodule checkout behavior. Git previously failed to quote config values containing trailing CR, causing the value to be misinterpreted when read back. In the context of submodules, this leads to incorrect path resolution, allowing an attacker to redirect the checkout path via a symlink to a sensitive directory like .git/modules/\u003csubmodule\u003e/hooks. If an executable post-checkout hook exists there, it could be inadvertently executed, resulting in arbitrary code execution during submodule operations. This is particularly dangerous in automated CI/CD pipelines or multi-repo projects where submodules are initialized or updated without manual inspection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48384"
},
{
"category": "external",
"summary": "RHBZ#2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
},
{
"category": "external",
"summary": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384",
"url": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384"
},
{
"category": "external",
"summary": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89",
"url": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-07-08T18:23:48.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T12:02:09+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous erratamupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:7c5f757b5d3d2048052401dd057f3096890b4075ca9b86b5f890a8e4c6d38b85\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using --recurse-submodules when cloning repositories from untrusted sources; instead, clone normally and only initialize or update submodules manually after reviewing them.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.12"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.12"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-08-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary code execution"
}
]
}
rhsa-2025:13689
Vulnerability from csaf_redhat
Published
2025-08-12 12:44
Modified
2025-10-08 15:28
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libxml2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13689",
"url": "https://access.redhat.com/errata/RHSA-2025:13689"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13689.json"
}
],
"title": "Red Hat Security Advisory: libxml2 security update",
"tracking": {
"current_release_date": "2025-10-08T15:28:41+00:00",
"generator": {
"date": "2025-10-08T15:28:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:13689",
"initial_release_date": "2025-08-12T12:44:33+00:00",
"revision_history": [
{
"date": "2025-08-12T12:44:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-12T12:44:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-08T15:28:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.7-9.el8_2.5.i686",
"product": {
"name": "libxml2-devel-0:2.9.7-9.el8_2.5.i686",
"product_id": "libxml2-devel-0:2.9.7-9.el8_2.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_2.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.7-9.el8_2.5.i686",
"product": {
"name": "libxml2-debugsource-0:2.9.7-9.el8_2.5.i686",
"product_id": "libxml2-debugsource-0:2.9.7-9.el8_2.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_2.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"product": {
"name": "libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"product_id": "libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_2.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_2.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.7-9.el8_2.5.i686",
"product": {
"name": "libxml2-0:2.9.7-9.el8_2.5.i686",
"product_id": "libxml2-0:2.9.7-9.el8_2.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_2.5?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.7-9.el8_2.5.x86_64",
"product": {
"name": "libxml2-devel-0:2.9.7-9.el8_2.5.x86_64",
"product_id": "libxml2-devel-0:2.9.7-9.el8_2.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_2.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.7-9.el8_2.5.x86_64",
"product": {
"name": "libxml2-debugsource-0:2.9.7-9.el8_2.5.x86_64",
"product_id": "libxml2-debugsource-0:2.9.7-9.el8_2.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_2.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"product": {
"name": "libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"product_id": "libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_2.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_2.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.7-9.el8_2.5.x86_64",
"product": {
"name": "libxml2-0:2.9.7-9.el8_2.5.x86_64",
"product_id": "libxml2-0:2.9.7-9.el8_2.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_2.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.7-9.el8_2.5.x86_64",
"product": {
"name": "python3-libxml2-0:2.9.7-9.el8_2.5.x86_64",
"product_id": "python3-libxml2-0:2.9.7-9.el8_2.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-9.el8_2.5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.7-9.el8_2.5.src",
"product": {
"name": "libxml2-0:2.9.7-9.el8_2.5.src",
"product_id": "libxml2-0:2.9.7-9.el8_2.5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_2.5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-9.el8_2.5.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.i686"
},
"product_reference": "libxml2-0:2.9.7-9.el8_2.5.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-9.el8_2.5.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.src"
},
"product_reference": "libxml2-0:2.9.7-9.el8_2.5.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-9.el8_2.5.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.x86_64"
},
"product_reference": "libxml2-0:2.9.7-9.el8_2.5.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-9.el8_2.5.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.7-9.el8_2.5.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-9.el8_2.5.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-9.el8_2.5.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-9.el8_2.5.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.i686"
},
"product_reference": "libxml2-devel-0:2.9.7-9.el8_2.5.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-9.el8_2.5.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.7-9.el8_2.5.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-9.el8_2.5.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_2.5.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.7-9.el8_2.5.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-9.el8_2.5.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.i686"
},
"product_reference": "libxml2-0:2.9.7-9.el8_2.5.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-9.el8_2.5.src as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.src"
},
"product_reference": "libxml2-0:2.9.7-9.el8_2.5.src",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-9.el8_2.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.x86_64"
},
"product_reference": "libxml2-0:2.9.7-9.el8_2.5.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-9.el8_2.5.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.7-9.el8_2.5.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-9.el8_2.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-9.el8_2.5.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-9.el8_2.5.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.i686"
},
"product_reference": "libxml2-devel-0:2.9.7-9.el8_2.5.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-9.el8_2.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.7-9.el8_2.5.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-9.el8_2.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_2.5.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.7-9.el8_2.5.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.src",
"AppStream-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.src",
"BaseOS-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-12T12:44:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.src",
"AppStream-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.src",
"BaseOS-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13689"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.src",
"AppStream-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.src",
"BaseOS-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.src",
"AppStream-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_2.5.x86_64",
"AppStream-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"AppStream-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.src",
"BaseOS-8.2.0.Z.AUS:libxml2-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_2.5.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.i686",
"BaseOS-8.2.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_2.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
rhsa-2025:16159
Vulnerability from csaf_redhat
Published
2025-09-25 09:09
Modified
2025-10-10 17:37
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.15.58 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.15.58 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.15.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.15.58. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2025:16158
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/release_notes/
Security Fix(es):
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.15.58 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.15.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.15.58. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2025:16158\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/release_notes/\n\nSecurity Fix(es):\n\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16159",
"url": "https://access.redhat.com/errata/RHSA-2025:16159"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16159.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.15.58 bug fix and security update",
"tracking": {
"current_release_date": "2025-10-10T17:37:18+00:00",
"generator": {
"date": "2025-10-10T17:37:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:16159",
"initial_release_date": "2025-09-25T09:09:37+00:00",
"revision_history": [
{
"date": "2025-09-25T09:09:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-25T09:09:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-10T17:37:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.15",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15",
"product_id": "Red Hat OpenShift Container Platform 4.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.15::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a succesful exploitation of this bug requires local access, on top of that the path to exploiation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and charcters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by redhat.\n\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-393: Return of Wrong Status Code vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational needs, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect and respond to threats in real time, helping prevent or limit exploitation attempts. Robust input validation and error handling ensure all user inputs are thoroughly validated, supporting consistent and secure system responses.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.15"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-25T09:09:37+00:00",
"details": "For OpenShift Container Platform 4.15 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:427fc0b133cc2aa45a68c36b603403ab278c845c0232e1c59387c4abfff01b9a\n\n (For s390x architecture)\n The image digest is sha256:ba89251bdd0f31c6a05306c3696dcaf38072eacf0b8ad8bfd7d8048b4038ccca\n\n (For ppc64le architecture)\n The image digest is sha256:9b60e5392e2733aab78a7a89f6735620ad229e415737c16b930efe59fe0810dd\n\n (For aarch64 architecture)\n The image digest is sha256:3843de0e1511bbe78f5045f6b7bcfbdc3f0836c9d07d5ec320033c8105a09890\n\nAll OpenShift Container Platform 4.15 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.15"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16159"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.15"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.15"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.15"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-25T09:09:37+00:00",
"details": "For OpenShift Container Platform 4.15 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:427fc0b133cc2aa45a68c36b603403ab278c845c0232e1c59387c4abfff01b9a\n\n (For s390x architecture)\n The image digest is sha256:ba89251bdd0f31c6a05306c3696dcaf38072eacf0b8ad8bfd7d8048b4038ccca\n\n (For ppc64le architecture)\n The image digest is sha256:9b60e5392e2733aab78a7a89f6735620ad229e415737c16b930efe59fe0810dd\n\n (For aarch64 architecture)\n The image digest is sha256:3843de0e1511bbe78f5045f6b7bcfbdc3f0836c9d07d5ec320033c8105a09890\n\nAll OpenShift Container Platform 4.15 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.15"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16159"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.15"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.15"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
rhsa-2025:13806
Vulnerability from csaf_redhat
Published
2025-08-13 16:02
Modified
2025-10-08 15:28
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libxml2 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13806",
"url": "https://access.redhat.com/errata/RHSA-2025:13806"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13806.json"
}
],
"title": "Red Hat Security Advisory: libxml2 security update",
"tracking": {
"current_release_date": "2025-10-08T15:28:42+00:00",
"generator": {
"date": "2025-10-08T15:28:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:13806",
"initial_release_date": "2025-08-13T16:02:36+00:00",
"revision_history": [
{
"date": "2025-08-13T16:02:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-13T16:02:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-08T15:28:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.8::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.7-16.el8_8.12.src",
"product": {
"name": "libxml2-0:2.9.7-16.el8_8.12.src",
"product_id": "libxml2-0:2.9.7-16.el8_8.12.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.12?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"product": {
"name": "libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"product_id": "libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.12?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"product": {
"name": "python3-libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"product_id": "python3-libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-16.el8_8.12?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.7-16.el8_8.12.ppc64le",
"product": {
"name": "libxml2-debugsource-0:2.9.7-16.el8_8.12.ppc64le",
"product_id": "libxml2-debugsource-0:2.9.7-16.el8_8.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-16.el8_8.12?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"product": {
"name": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"product_id": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-16.el8_8.12?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"product_id": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-16.el8_8.12?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.7-16.el8_8.12.ppc64le",
"product": {
"name": "libxml2-devel-0:2.9.7-16.el8_8.12.ppc64le",
"product_id": "libxml2-devel-0:2.9.7-16.el8_8.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-16.el8_8.12?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.7-16.el8_8.12.i686",
"product": {
"name": "libxml2-0:2.9.7-16.el8_8.12.i686",
"product_id": "libxml2-0:2.9.7-16.el8_8.12.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.12?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"product": {
"name": "libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"product_id": "libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-16.el8_8.12?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"product": {
"name": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"product_id": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-16.el8_8.12?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"product_id": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-16.el8_8.12?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"product": {
"name": "libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"product_id": "libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-16.el8_8.12?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.7-16.el8_8.12.x86_64",
"product": {
"name": "libxml2-0:2.9.7-16.el8_8.12.x86_64",
"product_id": "libxml2-0:2.9.7-16.el8_8.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.12?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"product": {
"name": "python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"product_id": "python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-16.el8_8.12?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"product": {
"name": "libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"product_id": "libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-16.el8_8.12?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"product": {
"name": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"product_id": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-16.el8_8.12?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"product_id": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-16.el8_8.12?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"product": {
"name": "libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"product_id": "libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-16.el8_8.12?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "libxml2-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-16.el8_8.12.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.ppc64le"
},
"product_reference": "libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-16.el8_8.12.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.src"
},
"product_reference": "libxml2-0:2.9.7-16.el8_8.12.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "libxml2-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-16.el8_8.12.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.9.7-16.el8_8.12.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-16.el8_8.12.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.7-16.el8_8.12.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-16.el8_8.12.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.ppc64le"
},
"product_reference": "python3-libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "libxml2-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-16.el8_8.12.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.src"
},
"product_reference": "libxml2-0:2.9.7-16.el8_8.12.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "libxml2-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "libxml2-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-16.el8_8.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.ppc64le"
},
"product_reference": "libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-16.el8_8.12.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.src"
},
"product_reference": "libxml2-0:2.9.7-16.el8_8.12.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "libxml2-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-16.el8_8.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.9.7-16.el8_8.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-16.el8_8.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.7-16.el8_8.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-16.el8_8.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.ppc64le"
},
"product_reference": "python3-libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "libxml2-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-16.el8_8.12.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.src"
},
"product_reference": "libxml2-0:2.9.7-16.el8_8.12.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "libxml2-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.src",
"AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.src",
"AppStream-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.src",
"BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.src",
"BaseOS-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-13T16:02:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.src",
"AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.src",
"AppStream-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.src",
"BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.src",
"BaseOS-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13806"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.src",
"AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.src",
"AppStream-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.src",
"BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.src",
"BaseOS-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.src",
"AppStream-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"AppStream-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.src",
"AppStream-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"AppStream-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"AppStream-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.src",
"BaseOS-8.8.0.Z.E4S:libxml2-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.ppc64le",
"BaseOS-8.8.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.src",
"BaseOS-8.8.0.Z.TUS:libxml2-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:libxml2-debugsource-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:libxml2-devel-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:python3-libxml2-0:2.9.7-16.el8_8.12.x86_64",
"BaseOS-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.i686",
"BaseOS-8.8.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
rhsa-2025:13681
Vulnerability from csaf_redhat
Published
2025-08-14 13:51
Modified
2025-10-22 16:53
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP1 security update
Notes
Topic
Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 1 is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.62, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.
Security Fix(es):
* expat: Improper Restriction of XML Entity Expansion Depth in libexpat [jbcs-httpd-2.4] (CVE-2024-8176)
* httpd: HTTP Session Hijack via a TLS upgrade [jbcs-httpd-2.4] (CVE-2025-49812)
* httpd: access control bypass by trusted clients is possible using TLS 1.3 session resumption [jbcs-httpd-2.4] (CVE-2025-23048)
* httpd: insufficient escaping of user-supplied data in mod_ssl [jbcs-httpd-2.4] (CVE-2024-47252)
* httpd: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module [jbcs-httpd-2.4] (CVE-2025-49630)
* libxml2: Out-of-Bounds Read in libxml2 [jbcs-httpd-2.4] (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables [jbcs-httpd-2.4] (CVE-2025-32415)
* jbcs-httpd24-mod_security: ModSecurity Has Possible DoS Vulnerability [jbcs-httpd-2.4] (CVE-2025-47947)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 1 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.62, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* expat: Improper Restriction of XML Entity Expansion Depth in libexpat [jbcs-httpd-2.4] (CVE-2024-8176)\n* httpd: HTTP Session Hijack via a TLS upgrade [jbcs-httpd-2.4] (CVE-2025-49812)\n* httpd: access control bypass by trusted clients is possible using TLS 1.3 session resumption [jbcs-httpd-2.4] (CVE-2025-23048)\n* httpd: insufficient escaping of user-supplied data in mod_ssl [jbcs-httpd-2.4] (CVE-2024-47252)\n* httpd: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module [jbcs-httpd-2.4] (CVE-2025-49630)\n* libxml2: Out-of-Bounds Read in libxml2 [jbcs-httpd-2.4] (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables [jbcs-httpd-2.4] (CVE-2025-32415)\n* jbcs-httpd24-mod_security: ModSecurity Has Possible DoS Vulnerability [jbcs-httpd-2.4] (CVE-2025-47947)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13681",
"url": "https://access.redhat.com/errata/RHSA-2025:13681"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.62/html/red_hat_jboss_core_services_apache_http_server_2.4.62_service_pack_1_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.62/html/red_hat_jboss_core_services_apache_http_server_2.4.62_service_pack_1_release_notes/index"
},
{
"category": "external",
"summary": "2310137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310137"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "2367903",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367903"
},
{
"category": "external",
"summary": "2374571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374571"
},
{
"category": "external",
"summary": "2374576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374576"
},
{
"category": "external",
"summary": "2374578",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374578"
},
{
"category": "external",
"summary": "2374580",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374580"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13681.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP1 security update",
"tracking": {
"current_release_date": "2025-10-22T16:53:28+00:00",
"generator": {
"date": "2025-10-22T16:53:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:13681",
"initial_release_date": "2025-08-14T13:51:01+00:00",
"revision_history": [
{
"date": "2025-08-14T13:51:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-14T13:51:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-22T16:53:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services 2.4.62.SP1",
"product": {
"name": "Red Hat JBoss Core Services 2.4.62.SP1",
"product_id": "Red Hat JBoss Core Services 2.4.62.SP1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Jann Horn"
],
"organization": "Google Project Zero"
},
{
"names": [
"Tomas Korbar",
"Sandipan Roy"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
},
{
"names": [
"Sebastian Pipping"
],
"organization": "libexpat"
}
],
"cve": "CVE-2024-8176",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-06-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310137"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All supported Red Hat offerings are built with the compilation flag (-fstack-clash-protection) which reduces the impact to Moderate. This build configuration blocks the possibility of an attacker gaining arbitrary code execution even if a stack-clash vulnerability, like this one, could be exploited.\n\nThis vulnerability is rated Moderate because Red Hat builds use the `-fstack-clash-protection` compiler flag, which mitigates the risk of arbitrary code execution from stack overflows. While the flaw allows a crash via uncontrolled recursion in XML parsing, the hardened stack layout prevents reliable memory corruption, limiting the impact to a Denial of Service (DoS) scenario.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-674: Uncontrolled Recursion vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nInput validation controls ensure that inputs triggering recursion are validated to stay within safe limits, which reduces the risk of infinite or excessive recursion. The implementation of least functionality on the platform further restricts potential impacts of recursions by disabling unnecessary recursive functions or features, thus reducing the available pathways for a would-be attacker. The inclusion of developer testing and evaluation ensures that recursive functions are tested and that safeguards like error handling are in place. In the case of successful exploitation, detection and containment controls are in place to limit impacts by alerting on anomalous system behavior in real time, while process isolation can limit impacts to a single process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-8176"
},
{
"category": "external",
"summary": "RHBZ#2310137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8176"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/893",
"url": "https://github.com/libexpat/libexpat/issues/893"
}
],
"release_date": "2025-03-13T13:51:54.957000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-14T13:51:01+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat"
},
{
"cve": "CVE-2024-47252",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2025-06-24T12:37:22.090000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374571"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with \\\"%{varname}x\\\" or \\\"%{varname}c\\\" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: insufficient escaping of user-supplied data in mod_ssl",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The issue rated as a Moderate vulnerability rather than an Important one because its impact is confined to log integrity without affecting the core security properties of the Apache HTTP Server such as confidentiality, availability, or direct system integrity. The flaw only occurs in non-default logging configurations where administrators explicitly use CustomLog directives with %{varname}x or %{varname}c to log mod_ssl variables like SSL_TLS_SNI, which limits the exposure. While an attacker-controlled TLS client can inject escape or control characters into the logs, potentially leading to log injection or misleading log entries, this does not allow execution of arbitrary code or compromise of the server itself. Furthermore, successful exploitation requires the attacker to craft specific TLS-level parameters, and there are no direct security consequences unless the logs are processed by downstream systems that are themselves vulnerable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47252"
},
{
"category": "external",
"summary": "RHBZ#2374571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374571"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47252"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47252",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47252"
}
],
"release_date": "2025-07-14T07:17:04.371000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-14T13:51:01+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13681"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: insufficient escaping of user-supplied data in mod_ssl"
},
{
"cve": "CVE-2025-23048",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2025-06-24T12:39:03.897000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374576"
}
],
"notes": [
{
"category": "description",
"text": "An access control bypass vulnerability was found in Apache httpd. The Apache HTTP Server with some mod_ssl configurations can bypass the access controls by trusted clients using TLS 1.3 session resumption. A client trusted to access one virtual host may be able to access another if SSLStrictSNIVHostCheck is not enabled on either host.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates. For example, with a different SSLCACertificateFile/Path setting.\n\nThis vulnerability is rated Moderate rather than Important due to the specific and uncommon configuration prerequisites needed for exploitation. The flaw allows a trusted client\u2014one already holding valid client certificates for one virtual host\u2014to potentially bypass access controls and access another virtual host by leveraging TLS 1.3 session resumption, only if the SSLStrictSNIVHostCheck directive is not enabled on either host. This bypass is not a general remote access issue, nor does it allow an unauthenticated or untrusted attacker to gain access. Furthermore, affected systems are those with complex, multi-tenant SSL client auth setups, which are relatively rare.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23048"
},
{
"category": "external",
"summary": "RHBZ#2374576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374576"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23048",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23048"
}
],
"release_date": "2025-07-14T07:19:43.612000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-14T13:51:01+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13681"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a succesful exploitation of this bug requires local access, on top of that the path to exploiation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and charcters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by redhat.\n\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-393: Return of Wrong Status Code vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational needs, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect and respond to threats in real time, helping prevent or limit exploitation attempts. Robust input validation and error handling ensure all user inputs are thoroughly validated, supporting consistent and secure system responses.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-14T13:51:01+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-14T13:51:01+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13681"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
},
{
"cve": "CVE-2025-47947",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-05-21T23:01:10.881787+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367903"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_security2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload\u0027s content type is `application/json`, at least one rule performs a `sanitiseMatchedBytes` action, a security control that automatically cleans or neutralizes specific patterns of potentially harmful data that prevents malicious input from reaching systems or sensitive information from leaking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "modsecurity: ModSecurity Has Possible DoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47947"
},
{
"category": "external",
"summary": "RHBZ#2367903",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367903"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47947"
},
{
"category": "external",
"summary": "https://github.com/owasp-modsecurity/ModSecurity/pull/3389",
"url": "https://github.com/owasp-modsecurity/ModSecurity/pull/3389"
},
{
"category": "external",
"summary": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r",
"url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r"
}
],
"release_date": "2025-05-21T22:08:31.982000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-14T13:51:01+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13681"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "modsecurity: ModSecurity Has Possible DoS Vulnerability"
},
{
"cve": "CVE-2025-49630",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2025-06-24T12:39:07.584000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374578"
}
],
"notes": [
{
"category": "description",
"text": "An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the mod_proxy_http2 module, which likely results in an Apache HTTP server crash or denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability only affects Appache httpd if a reverse proxy is configured for an HTTP/2 backend, with the ProxyPreserveHost set to \\\"on\\\".\n\nThis vulnerability is rated as Moderate because it requires a highly specific and non-default configuration to be exploitable\u2014namely, an Apache HTTP Server acting as a reverse proxy with an HTTP/2 backend and ProxyPreserveHost set to \"on\". The flaw results in an assertion failure in the mod_proxy_http2 module when handling specially crafted inputs from untrusted clients. While this can lead to a denial of service via server crash, the impact is limited to availability, with no risk of remote code execution or data leakage. Additionally, the condition is recoverable through a simple restart, and there is no persistent state corruption.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49630"
},
{
"category": "external",
"summary": "RHBZ#2374578",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374578"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49630",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49630"
}
],
"release_date": "2025-07-14T07:22:15.866000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-14T13:51:01+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13681"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module"
},
{
"cve": "CVE-2025-49812",
"discovery_date": "2025-06-24T12:39:08.994000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374580"
}
],
"notes": [
{
"category": "description",
"text": "An HTTP session hijacking flaw was found in Apache httpd. In some mod_ssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: HTTP Session Hijack via a TLS upgrade",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Only configurations using the \\\"SSLEngine optional\\\" to enable TLS upgrades are affected.\n\nThis vulnerability is rated Moderate rather than Important primarily due to the narrow scope of affected configurations and preconditions required for exploitation. Specifically, it only impacts Apache HTTP Server setups where SSLEngine optional is used\u2014a rarely employed configuration that permits opportunistic TLS upgrades (also known as STARTTLS-style negotiation). For an attacker to successfully exploit this flaw, a man-in-the-middle (MitM) position is required, and the server must be using this optional TLS upgrade setup, which is uncommon and discouraged in modern secure deployments. The vulnerability arises due to HTTP desynchronization, allowing the attacker to potentially hijack sessions during the upgrade process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49812"
},
{
"category": "external",
"summary": "RHBZ#2374580",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374580"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49812"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49812",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49812"
}
],
"release_date": "2025-07-14T07:24:13.282000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-14T13:51:01+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13681"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: HTTP Session Hijack via a TLS upgrade"
}
]
}
rhsa-2025:13688
Vulnerability from csaf_redhat
Published
2025-08-12 13:01
Modified
2025-10-08 15:28
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libxml2 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13688",
"url": "https://access.redhat.com/errata/RHSA-2025:13688"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13688.json"
}
],
"title": "Red Hat Security Advisory: libxml2 security update",
"tracking": {
"current_release_date": "2025-10-08T15:28:41+00:00",
"generator": {
"date": "2025-10-08T15:28:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:13688",
"initial_release_date": "2025-08-12T13:01:38+00:00",
"revision_history": [
{
"date": "2025-08-12T13:01:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-12T13:01:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-08T15:28:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.6::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"product": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"product_id": "libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.12?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"product": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"product_id": "libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.12?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"product": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"product_id": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.12?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"product_id": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.12?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.7-13.el8_6.12.i686",
"product": {
"name": "libxml2-0:2.9.7-13.el8_6.12.i686",
"product_id": "libxml2-0:2.9.7-13.el8_6.12.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.12?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"product": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"product_id": "libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.12?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"product": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"product_id": "libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.12?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"product": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"product_id": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.12?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"product_id": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.12?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.7-13.el8_6.12.x86_64",
"product": {
"name": "libxml2-0:2.9.7-13.el8_6.12.x86_64",
"product_id": "libxml2-0:2.9.7-13.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.12?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"product": {
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"product_id": "python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-13.el8_6.12?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.7-13.el8_6.12.src",
"product": {
"name": "libxml2-0:2.9.7-13.el8_6.12.src",
"product_id": "libxml2-0:2.9.7-13.el8_6.12.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.12?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.7-13.el8_6.12.aarch64",
"product": {
"name": "libxml2-0:2.9.7-13.el8_6.12.aarch64",
"product_id": "libxml2-0:2.9.7-13.el8_6.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.12?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.aarch64",
"product": {
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.aarch64",
"product_id": "python3-libxml2-0:2.9.7-13.el8_6.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-13.el8_6.12?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.aarch64",
"product": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.aarch64",
"product_id": "libxml2-debugsource-0:2.9.7-13.el8_6.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.12?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"product": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"product_id": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.12?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"product_id": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.12?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.aarch64",
"product": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.aarch64",
"product_id": "libxml2-devel-0:2.9.7-13.el8_6.12.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.12?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"product": {
"name": "libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"product_id": "libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.12?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"product": {
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"product_id": "python3-libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-13.el8_6.12?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.ppc64le",
"product": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.ppc64le",
"product_id": "libxml2-debugsource-0:2.9.7-13.el8_6.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.12?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"product": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"product_id": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.12?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"product_id": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.12?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.ppc64le",
"product": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.ppc64le",
"product_id": "libxml2-devel-0:2.9.7-13.el8_6.12.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.12?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.7-13.el8_6.12.s390x",
"product": {
"name": "libxml2-0:2.9.7-13.el8_6.12.s390x",
"product_id": "libxml2-0:2.9.7-13.el8_6.12.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.12?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.s390x",
"product": {
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.s390x",
"product_id": "python3-libxml2-0:2.9.7-13.el8_6.12.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-13.el8_6.12?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.s390x",
"product": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.s390x",
"product_id": "libxml2-debugsource-0:2.9.7-13.el8_6.12.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.12?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"product": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"product_id": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.12?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"product_id": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.12?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.s390x",
"product": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.s390x",
"product_id": "libxml2-devel-0:2.9.7-13.el8_6.12.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.12?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.src"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.aarch64"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.ppc64le"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.s390x"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.src"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-13.el8_6.12.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.9.7-13.el8_6.12.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.s390x"
},
"product_reference": "libxml2-debugsource-0:2.9.7-13.el8_6.12.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.aarch64"
},
"product_reference": "libxml2-devel-0:2.9.7-13.el8_6.12.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.7-13.el8_6.12.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.s390x"
},
"product_reference": "libxml2-devel-0:2.9.7-13.el8_6.12.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.aarch64"
},
"product_reference": "python3-libxml2-0:2.9.7-13.el8_6.12.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.ppc64le"
},
"product_reference": "python3-libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.s390x"
},
"product_reference": "python3-libxml2-0:2.9.7-13.el8_6.12.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.src"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.src"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.aarch64"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.ppc64le"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.s390x"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.src"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-13.el8_6.12.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.9.7-13.el8_6.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.s390x"
},
"product_reference": "libxml2-debugsource-0:2.9.7-13.el8_6.12.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.aarch64"
},
"product_reference": "libxml2-devel-0:2.9.7-13.el8_6.12.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.7-13.el8_6.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.s390x"
},
"product_reference": "libxml2-devel-0:2.9.7-13.el8_6.12.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.aarch64"
},
"product_reference": "python3-libxml2-0:2.9.7-13.el8_6.12.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.ppc64le"
},
"product_reference": "python3-libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.s390x"
},
"product_reference": "python3-libxml2-0:2.9.7-13.el8_6.12.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.src"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.src",
"AppStream-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.src",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.src",
"AppStream-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.src",
"BaseOS-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.src",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.src",
"BaseOS-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-12T13:01:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.src",
"AppStream-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.src",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.src",
"AppStream-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.src",
"BaseOS-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.src",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.src",
"BaseOS-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13688"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.src",
"AppStream-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.src",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.src",
"AppStream-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.src",
"BaseOS-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.src",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.src",
"BaseOS-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.src",
"AppStream-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.src",
"AppStream-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"AppStream-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.src",
"AppStream-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"AppStream-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"AppStream-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.src",
"BaseOS-8.6.0.Z.AUS:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.src",
"BaseOS-8.6.0.Z.E4S:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.aarch64",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.ppc64le",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.s390x",
"BaseOS-8.6.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.src",
"BaseOS-8.6.0.Z.TUS:libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:libxml2-debugsource-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:libxml2-devel-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:python3-libxml2-0:2.9.7-13.el8_6.12.x86_64",
"BaseOS-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.i686",
"BaseOS-8.6.0.Z.TUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
rhsa-2025:13683
Vulnerability from csaf_redhat
Published
2025-08-12 12:30
Modified
2025-10-10 17:37
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libxml2 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13683",
"url": "https://access.redhat.com/errata/RHSA-2025:13683"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13683.json"
}
],
"title": "Red Hat Security Advisory: libxml2 security update",
"tracking": {
"current_release_date": "2025-10-10T17:37:17+00:00",
"generator": {
"date": "2025-10-10T17:37:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:13683",
"initial_release_date": "2025-08-12T12:30:08+00:00",
"revision_history": [
{
"date": "2025-08-12T12:30:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-12T12:30:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-10T17:37:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-3.el9_2.9.src",
"product": {
"name": "libxml2-0:2.9.13-3.el9_2.9.src",
"product_id": "libxml2-0:2.9.13-3.el9_2.9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-3.el9_2.9.aarch64",
"product": {
"name": "libxml2-0:2.9.13-3.el9_2.9.aarch64",
"product_id": "libxml2-0:2.9.13-3.el9_2.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"product": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"product_id": "python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"product": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"product_id": "libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"product_id": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"product": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"product_id": "libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"product": {
"name": "libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"product_id": "libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"product": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"product_id": "python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"product": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"product_id": "libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"product_id": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"product": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"product_id": "libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-3.el9_2.9.i686",
"product": {
"name": "libxml2-0:2.9.13-3.el9_2.9.i686",
"product_id": "libxml2-0:2.9.13-3.el9_2.9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"product": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"product_id": "libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"product_id": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"product": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"product_id": "libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-3.el9_2.9.x86_64",
"product": {
"name": "libxml2-0:2.9.13-3.el9_2.9.x86_64",
"product_id": "libxml2-0:2.9.13-3.el9_2.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"product": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"product_id": "python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"product": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"product_id": "libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"product_id": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"product": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"product_id": "libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-3.el9_2.9.s390x",
"product": {
"name": "libxml2-0:2.9.13-3.el9_2.9.s390x",
"product_id": "libxml2-0:2.9.13-3.el9_2.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"product": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"product_id": "python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"product": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"product_id": "libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"product_id": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"product": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"product_id": "libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.src",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a succesful exploitation of this bug requires local access, on top of that the path to exploiation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and charcters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by redhat.\n\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-393: Return of Wrong Status Code vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational needs, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect and respond to threats in real time, helping prevent or limit exploitation attempts. Robust input validation and error handling ensure all user inputs are thoroughly validated, supporting consistent and secure system responses.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-12T12:30:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13683"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-12T12:30:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13683"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
rhsa-2025:13677
Vulnerability from csaf_redhat
Published
2025-08-12 09:47
Modified
2025-10-10 17:37
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libxml2 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13677",
"url": "https://access.redhat.com/errata/RHSA-2025:13677"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13677.json"
}
],
"title": "Red Hat Security Advisory: libxml2 security update",
"tracking": {
"current_release_date": "2025-10-10T17:37:13+00:00",
"generator": {
"date": "2025-10-10T17:37:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:13677",
"initial_release_date": "2025-08-12T09:47:28+00:00",
"revision_history": [
{
"date": "2025-08-12T09:47:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-22T13:00:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-10T17:37:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:9.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"product": {
"name": "libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"product_id": "libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-12.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"product": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"product_id": "libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-12.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"product_id": "libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-12.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-12.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.13-12.el9_4.aarch64",
"product": {
"name": "libxml2-0:2.9.13-12.el9_4.aarch64",
"product_id": "libxml2-0:2.9.13-12.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"product": {
"name": "python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"product_id": "python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-12.el9_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"product": {
"name": "libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"product_id": "libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-12.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"product": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"product_id": "libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-12.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"product_id": "libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-12.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-12.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.13-12.el9_4.ppc64le",
"product": {
"name": "libxml2-0:2.9.13-12.el9_4.ppc64le",
"product_id": "libxml2-0:2.9.13-12.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"product": {
"name": "python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"product_id": "python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-12.el9_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-12.el9_4.i686",
"product": {
"name": "libxml2-devel-0:2.9.13-12.el9_4.i686",
"product_id": "libxml2-devel-0:2.9.13-12.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-12.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"product": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"product_id": "libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-12.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"product_id": "libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-12.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-12.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.13-12.el9_4.i686",
"product": {
"name": "libxml2-0:2.9.13-12.el9_4.i686",
"product_id": "libxml2-0:2.9.13-12.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_4?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"product": {
"name": "libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"product_id": "libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-12.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"product": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"product_id": "libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-12.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"product_id": "libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-12.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-12.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.13-12.el9_4.x86_64",
"product": {
"name": "libxml2-0:2.9.13-12.el9_4.x86_64",
"product_id": "libxml2-0:2.9.13-12.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"product": {
"name": "python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"product_id": "python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-12.el9_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-12.el9_4.s390x",
"product": {
"name": "libxml2-devel-0:2.9.13-12.el9_4.s390x",
"product_id": "libxml2-devel-0:2.9.13-12.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-12.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"product": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"product_id": "libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-12.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"product_id": "libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-12.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-12.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.13-12.el9_4.s390x",
"product": {
"name": "libxml2-0:2.9.13-12.el9_4.s390x",
"product_id": "libxml2-0:2.9.13-12.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-12.el9_4.s390x",
"product": {
"name": "python3-libxml2-0:2.9.13-12.el9_4.s390x",
"product_id": "python3-libxml2-0:2.9.13-12.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-12.el9_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-12.el9_4.src",
"product": {
"name": "libxml2-0:2.9.13-12.el9_4.src",
"product_id": "libxml2-0:2.9.13-12.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.aarch64"
},
"product_reference": "libxml2-0:2.9.13-12.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.i686"
},
"product_reference": "libxml2-0:2.9.13-12.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.ppc64le"
},
"product_reference": "libxml2-0:2.9.13-12.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.s390x"
},
"product_reference": "libxml2-0:2.9.13-12.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.src"
},
"product_reference": "libxml2-0:2.9.13-12.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.x86_64"
},
"product_reference": "libxml2-0:2.9.13-12.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.s390x"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.aarch64"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.i686"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.s390x"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-12.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.aarch64"
},
"product_reference": "python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-12.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.ppc64le"
},
"product_reference": "python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-12.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.s390x"
},
"product_reference": "python3-libxml2-0:2.9.13-12.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-12.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.aarch64"
},
"product_reference": "libxml2-0:2.9.13-12.el9_4.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.i686"
},
"product_reference": "libxml2-0:2.9.13-12.el9_4.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.ppc64le"
},
"product_reference": "libxml2-0:2.9.13-12.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.s390x"
},
"product_reference": "libxml2-0:2.9.13-12.el9_4.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_4.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.src"
},
"product_reference": "libxml2-0:2.9.13-12.el9_4.src",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.x86_64"
},
"product_reference": "libxml2-0:2.9.13-12.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.s390x"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.aarch64"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.i686"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_4.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.s390x"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_4.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-12.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.aarch64"
},
"product_reference": "python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-12.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.ppc64le"
},
"product_reference": "python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-12.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.s390x"
},
"product_reference": "python3-libxml2-0:2.9.13-12.el9_4.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-12.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a succesful exploitation of this bug requires local access, on top of that the path to exploiation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and charcters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by redhat.\n\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-393: Return of Wrong Status Code vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational needs, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect and respond to threats in real time, helping prevent or limit exploitation attempts. Robust input validation and error handling ensure all user inputs are thoroughly validated, supporting consistent and secure system responses.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.src",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-12T09:47:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.src",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13677"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.src",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.src",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.src",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-12T09:47:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.src",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13677"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.src",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.src",
"AppStream-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:libxml2-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-debugsource-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:libxml2-devel-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-0:2.9.13-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.aarch64",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.i686",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.s390x",
"BaseOS-9.4.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
rhsa-2025:13203
Vulnerability from csaf_redhat
Published
2025-08-06 11:45
Modified
2025-10-08 15:28
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libxml2 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13203",
"url": "https://access.redhat.com/errata/RHSA-2025:13203"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13203.json"
}
],
"title": "Red Hat Security Advisory: libxml2 security update",
"tracking": {
"current_release_date": "2025-10-08T15:28:38+00:00",
"generator": {
"date": "2025-10-08T15:28:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:13203",
"initial_release_date": "2025-08-06T11:45:18+00:00",
"revision_history": [
{
"date": "2025-08-06T11:45:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-06T11:45:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-08T15:28:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.aarch64",
"product": {
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.aarch64",
"product_id": "libxml2-devel-0:2.9.7-21.el8_10.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-21.el8_10.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.aarch64",
"product": {
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.aarch64",
"product_id": "libxml2-debugsource-0:2.9.7-21.el8_10.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-21.el8_10.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"product": {
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"product_id": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-21.el8_10.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"product_id": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-21.el8_10.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.7-21.el8_10.3.aarch64",
"product": {
"name": "libxml2-0:2.9.7-21.el8_10.3.aarch64",
"product_id": "libxml2-0:2.9.7-21.el8_10.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.7-21.el8_10.3.aarch64",
"product": {
"name": "python3-libxml2-0:2.9.7-21.el8_10.3.aarch64",
"product_id": "python3-libxml2-0:2.9.7-21.el8_10.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-21.el8_10.3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.ppc64le",
"product": {
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.ppc64le",
"product_id": "libxml2-devel-0:2.9.7-21.el8_10.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-21.el8_10.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.ppc64le",
"product": {
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.ppc64le",
"product_id": "libxml2-debugsource-0:2.9.7-21.el8_10.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-21.el8_10.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"product": {
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"product_id": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-21.el8_10.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"product_id": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-21.el8_10.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"product": {
"name": "libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"product_id": "libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"product": {
"name": "python3-libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"product_id": "python3-libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-21.el8_10.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.i686",
"product": {
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.i686",
"product_id": "libxml2-devel-0:2.9.7-21.el8_10.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-21.el8_10.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.i686",
"product": {
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.i686",
"product_id": "libxml2-debugsource-0:2.9.7-21.el8_10.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-21.el8_10.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"product": {
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"product_id": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-21.el8_10.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"product_id": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-21.el8_10.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.7-21.el8_10.3.i686",
"product": {
"name": "libxml2-0:2.9.7-21.el8_10.3.i686",
"product_id": "libxml2-0:2.9.7-21.el8_10.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.x86_64",
"product": {
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.x86_64",
"product_id": "libxml2-devel-0:2.9.7-21.el8_10.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-21.el8_10.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.x86_64",
"product": {
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.x86_64",
"product_id": "libxml2-debugsource-0:2.9.7-21.el8_10.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-21.el8_10.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"product": {
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"product_id": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-21.el8_10.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"product_id": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-21.el8_10.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.7-21.el8_10.3.x86_64",
"product": {
"name": "libxml2-0:2.9.7-21.el8_10.3.x86_64",
"product_id": "libxml2-0:2.9.7-21.el8_10.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.7-21.el8_10.3.x86_64",
"product": {
"name": "python3-libxml2-0:2.9.7-21.el8_10.3.x86_64",
"product_id": "python3-libxml2-0:2.9.7-21.el8_10.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-21.el8_10.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.s390x",
"product": {
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.s390x",
"product_id": "libxml2-devel-0:2.9.7-21.el8_10.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-21.el8_10.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.s390x",
"product": {
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.s390x",
"product_id": "libxml2-debugsource-0:2.9.7-21.el8_10.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-21.el8_10.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"product": {
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"product_id": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-21.el8_10.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"product_id": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-21.el8_10.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.7-21.el8_10.3.s390x",
"product": {
"name": "libxml2-0:2.9.7-21.el8_10.3.s390x",
"product_id": "libxml2-0:2.9.7-21.el8_10.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.7-21.el8_10.3.s390x",
"product": {
"name": "python3-libxml2-0:2.9.7-21.el8_10.3.s390x",
"product_id": "python3-libxml2-0:2.9.7-21.el8_10.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-21.el8_10.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.7-21.el8_10.3.src",
"product": {
"name": "libxml2-0:2.9.7-21.el8_10.3.src",
"product_id": "libxml2-0:2.9.7-21.el8_10.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-21.el8_10.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.aarch64"
},
"product_reference": "libxml2-0:2.9.7-21.el8_10.3.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-21.el8_10.3.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.i686"
},
"product_reference": "libxml2-0:2.9.7-21.el8_10.3.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-21.el8_10.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.ppc64le"
},
"product_reference": "libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-21.el8_10.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.s390x"
},
"product_reference": "libxml2-0:2.9.7-21.el8_10.3.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-21.el8_10.3.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.src"
},
"product_reference": "libxml2-0:2.9.7-21.el8_10.3.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-21.el8_10.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.x86_64"
},
"product_reference": "libxml2-0:2.9.7-21.el8_10.3.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-21.el8_10.3.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.7-21.el8_10.3.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.9.7-21.el8_10.3.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.s390x"
},
"product_reference": "libxml2-debugsource-0:2.9.7-21.el8_10.3.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-21.el8_10.3.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.aarch64"
},
"product_reference": "libxml2-devel-0:2.9.7-21.el8_10.3.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.i686"
},
"product_reference": "libxml2-devel-0:2.9.7-21.el8_10.3.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.7-21.el8_10.3.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.s390x"
},
"product_reference": "libxml2-devel-0:2.9.7-21.el8_10.3.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.7-21.el8_10.3.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-21.el8_10.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.aarch64"
},
"product_reference": "python3-libxml2-0:2.9.7-21.el8_10.3.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-21.el8_10.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.ppc64le"
},
"product_reference": "python3-libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-21.el8_10.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.s390x"
},
"product_reference": "python3-libxml2-0:2.9.7-21.el8_10.3.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-21.el8_10.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.7-21.el8_10.3.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-21.el8_10.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.aarch64"
},
"product_reference": "libxml2-0:2.9.7-21.el8_10.3.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-21.el8_10.3.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.i686"
},
"product_reference": "libxml2-0:2.9.7-21.el8_10.3.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-21.el8_10.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.ppc64le"
},
"product_reference": "libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-21.el8_10.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.s390x"
},
"product_reference": "libxml2-0:2.9.7-21.el8_10.3.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-21.el8_10.3.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.src"
},
"product_reference": "libxml2-0:2.9.7-21.el8_10.3.src",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-21.el8_10.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.x86_64"
},
"product_reference": "libxml2-0:2.9.7-21.el8_10.3.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-21.el8_10.3.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.7-21.el8_10.3.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.9.7-21.el8_10.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.s390x"
},
"product_reference": "libxml2-debugsource-0:2.9.7-21.el8_10.3.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-21.el8_10.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-21.el8_10.3.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.aarch64"
},
"product_reference": "libxml2-devel-0:2.9.7-21.el8_10.3.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.i686"
},
"product_reference": "libxml2-devel-0:2.9.7-21.el8_10.3.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.7-21.el8_10.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.s390x"
},
"product_reference": "libxml2-devel-0:2.9.7-21.el8_10.3.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-21.el8_10.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.7-21.el8_10.3.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-21.el8_10.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.aarch64"
},
"product_reference": "python3-libxml2-0:2.9.7-21.el8_10.3.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-21.el8_10.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.ppc64le"
},
"product_reference": "python3-libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-21.el8_10.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.s390x"
},
"product_reference": "python3-libxml2-0:2.9.7-21.el8_10.3.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-21.el8_10.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.7-21.el8_10.3.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.src",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-06T11:45:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.src",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13203"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.src",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.src",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-21.el8_10.3.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-21.el8_10.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
rhsa-2025:13428
Vulnerability from csaf_redhat
Published
2025-08-07 13:37
Modified
2025-10-10 17:37
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libxml2 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13428",
"url": "https://access.redhat.com/errata/RHSA-2025:13428"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13428.json"
}
],
"title": "Red Hat Security Advisory: libxml2 security update",
"tracking": {
"current_release_date": "2025-10-10T17:37:12+00:00",
"generator": {
"date": "2025-10-10T17:37:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:13428",
"initial_release_date": "2025-08-07T13:37:10+00:00",
"revision_history": [
{
"date": "2025-08-07T13:37:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-22T13:49:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-10T17:37:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"product": {
"name": "libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"product_id": "libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-12.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"product": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"product_id": "libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-12.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"product_id": "libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-12.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-12.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.13-12.el9_6.aarch64",
"product": {
"name": "libxml2-0:2.9.13-12.el9_6.aarch64",
"product_id": "libxml2-0:2.9.13-12.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"product": {
"name": "python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"product_id": "python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-12.el9_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"product": {
"name": "libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"product_id": "libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-12.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"product": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"product_id": "libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-12.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"product_id": "libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-12.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-12.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.13-12.el9_6.ppc64le",
"product": {
"name": "libxml2-0:2.9.13-12.el9_6.ppc64le",
"product_id": "libxml2-0:2.9.13-12.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"product": {
"name": "python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"product_id": "python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-12.el9_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-12.el9_6.i686",
"product": {
"name": "libxml2-devel-0:2.9.13-12.el9_6.i686",
"product_id": "libxml2-devel-0:2.9.13-12.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-12.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"product": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"product_id": "libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-12.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"product_id": "libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-12.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-12.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.13-12.el9_6.i686",
"product": {
"name": "libxml2-0:2.9.13-12.el9_6.i686",
"product_id": "libxml2-0:2.9.13-12.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"product": {
"name": "libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"product_id": "libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-12.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"product": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"product_id": "libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-12.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"product_id": "libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-12.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-12.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.13-12.el9_6.x86_64",
"product": {
"name": "libxml2-0:2.9.13-12.el9_6.x86_64",
"product_id": "libxml2-0:2.9.13-12.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"product": {
"name": "python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"product_id": "python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-12.el9_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-12.el9_6.s390x",
"product": {
"name": "libxml2-devel-0:2.9.13-12.el9_6.s390x",
"product_id": "libxml2-devel-0:2.9.13-12.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-12.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"product": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"product_id": "libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-12.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"product_id": "libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-12.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-12.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.13-12.el9_6.s390x",
"product": {
"name": "libxml2-0:2.9.13-12.el9_6.s390x",
"product_id": "libxml2-0:2.9.13-12.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-12.el9_6.s390x",
"product": {
"name": "python3-libxml2-0:2.9.13-12.el9_6.s390x",
"product_id": "python3-libxml2-0:2.9.13-12.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-12.el9_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-12.el9_6.src",
"product": {
"name": "libxml2-0:2.9.13-12.el9_6.src",
"product_id": "libxml2-0:2.9.13-12.el9_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.aarch64"
},
"product_reference": "libxml2-0:2.9.13-12.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.i686"
},
"product_reference": "libxml2-0:2.9.13-12.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.ppc64le"
},
"product_reference": "libxml2-0:2.9.13-12.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.s390x"
},
"product_reference": "libxml2-0:2.9.13-12.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_6.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.src"
},
"product_reference": "libxml2-0:2.9.13-12.el9_6.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.x86_64"
},
"product_reference": "libxml2-0:2.9.13-12.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.s390x"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.aarch64"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.i686"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.s390x"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-12.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.aarch64"
},
"product_reference": "python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-12.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.ppc64le"
},
"product_reference": "python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-12.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.s390x"
},
"product_reference": "python3-libxml2-0:2.9.13-12.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-12.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.aarch64"
},
"product_reference": "libxml2-0:2.9.13-12.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.i686"
},
"product_reference": "libxml2-0:2.9.13-12.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.ppc64le"
},
"product_reference": "libxml2-0:2.9.13-12.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.s390x"
},
"product_reference": "libxml2-0:2.9.13-12.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_6.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.src"
},
"product_reference": "libxml2-0:2.9.13-12.el9_6.src",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-12.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.x86_64"
},
"product_reference": "libxml2-0:2.9.13-12.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.s390x"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-12.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.aarch64"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.i686"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.s390x"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-12.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-12.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.aarch64"
},
"product_reference": "python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-12.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.ppc64le"
},
"product_reference": "python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-12.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.s390x"
},
"product_reference": "python3-libxml2-0:2.9.13-12.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-12.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a succesful exploitation of this bug requires local access, on top of that the path to exploiation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and charcters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by redhat.\n\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-393: Return of Wrong Status Code vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational needs, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect and respond to threats in real time, helping prevent or limit exploitation attempts. Robust input validation and error handling ensure all user inputs are thoroughly validated, supporting consistent and secure system responses.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-07T13:37:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13428"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-07T13:37:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13428"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-12.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-12.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
rhsa-2025:13789
Vulnerability from csaf_redhat
Published
2025-08-13 10:46
Modified
2025-10-08 15:28
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libxml2 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13789",
"url": "https://access.redhat.com/errata/RHSA-2025:13789"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13789.json"
}
],
"title": "Red Hat Security Advisory: libxml2 security update",
"tracking": {
"current_release_date": "2025-10-08T15:28:42+00:00",
"generator": {
"date": "2025-10-08T15:28:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:13789",
"initial_release_date": "2025-08-13T10:46:22+00:00",
"revision_history": [
{
"date": "2025-08-13T10:46:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-13T10:46:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-08T15:28:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_els:7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_els:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.1-6.el7_9.13.src",
"product": {
"name": "libxml2-0:2.9.1-6.el7_9.13.src",
"product_id": "libxml2-0:2.9.1-6.el7_9.13.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.1-6.el7_9.13?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.1-6.el7_9.13.i686",
"product": {
"name": "libxml2-0:2.9.1-6.el7_9.13.i686",
"product_id": "libxml2-0:2.9.1-6.el7_9.13.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.1-6.el7_9.13?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.i686",
"product": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.i686",
"product_id": "libxml2-devel-0:2.9.1-6.el7_9.13.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7_9.13?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.i686",
"product": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.i686",
"product_id": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7_9.13?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-static-0:2.9.1-6.el7_9.13.i686",
"product": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.i686",
"product_id": "libxml2-static-0:2.9.1-6.el7_9.13.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7_9.13?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.1-6.el7_9.13.x86_64",
"product": {
"name": "libxml2-0:2.9.1-6.el7_9.13.x86_64",
"product_id": "libxml2-0:2.9.1-6.el7_9.13.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.1-6.el7_9.13?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.x86_64",
"product": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.x86_64",
"product_id": "libxml2-devel-0:2.9.1-6.el7_9.13.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7_9.13?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-python-0:2.9.1-6.el7_9.13.x86_64",
"product": {
"name": "libxml2-python-0:2.9.1-6.el7_9.13.x86_64",
"product_id": "libxml2-python-0:2.9.1-6.el7_9.13.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-python@2.9.1-6.el7_9.13?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.x86_64",
"product": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.x86_64",
"product_id": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7_9.13?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-static-0:2.9.1-6.el7_9.13.x86_64",
"product": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.x86_64",
"product_id": "libxml2-static-0:2.9.1-6.el7_9.13.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7_9.13?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.1-6.el7_9.13.ppc",
"product": {
"name": "libxml2-0:2.9.1-6.el7_9.13.ppc",
"product_id": "libxml2-0:2.9.1-6.el7_9.13.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.1-6.el7_9.13?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc",
"product": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc",
"product_id": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7_9.13?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc",
"product": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc",
"product_id": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7_9.13?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "libxml2-static-0:2.9.1-6.el7_9.13.ppc",
"product": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.ppc",
"product_id": "libxml2-static-0:2.9.1-6.el7_9.13.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7_9.13?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.1-6.el7_9.13.ppc64",
"product": {
"name": "libxml2-0:2.9.1-6.el7_9.13.ppc64",
"product_id": "libxml2-0:2.9.1-6.el7_9.13.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.1-6.el7_9.13?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc64",
"product": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc64",
"product_id": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7_9.13?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "libxml2-python-0:2.9.1-6.el7_9.13.ppc64",
"product": {
"name": "libxml2-python-0:2.9.1-6.el7_9.13.ppc64",
"product_id": "libxml2-python-0:2.9.1-6.el7_9.13.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-python@2.9.1-6.el7_9.13?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64",
"product": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64",
"product_id": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7_9.13?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "libxml2-static-0:2.9.1-6.el7_9.13.ppc64",
"product": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.ppc64",
"product_id": "libxml2-static-0:2.9.1-6.el7_9.13.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7_9.13?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.1-6.el7_9.13.ppc64le",
"product": {
"name": "libxml2-0:2.9.1-6.el7_9.13.ppc64le",
"product_id": "libxml2-0:2.9.1-6.el7_9.13.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.1-6.el7_9.13?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc64le",
"product": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc64le",
"product_id": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7_9.13?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-python-0:2.9.1-6.el7_9.13.ppc64le",
"product": {
"name": "libxml2-python-0:2.9.1-6.el7_9.13.ppc64le",
"product_id": "libxml2-python-0:2.9.1-6.el7_9.13.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-python@2.9.1-6.el7_9.13?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64le",
"product": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64le",
"product_id": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7_9.13?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-static-0:2.9.1-6.el7_9.13.ppc64le",
"product": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.ppc64le",
"product_id": "libxml2-static-0:2.9.1-6.el7_9.13.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7_9.13?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.1-6.el7_9.13.s390",
"product": {
"name": "libxml2-0:2.9.1-6.el7_9.13.s390",
"product_id": "libxml2-0:2.9.1-6.el7_9.13.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.1-6.el7_9.13?arch=s390"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.s390",
"product": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.s390",
"product_id": "libxml2-devel-0:2.9.1-6.el7_9.13.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7_9.13?arch=s390"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390",
"product": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390",
"product_id": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7_9.13?arch=s390"
}
}
},
{
"category": "product_version",
"name": "libxml2-static-0:2.9.1-6.el7_9.13.s390",
"product": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.s390",
"product_id": "libxml2-static-0:2.9.1-6.el7_9.13.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7_9.13?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.1-6.el7_9.13.s390x",
"product": {
"name": "libxml2-0:2.9.1-6.el7_9.13.s390x",
"product_id": "libxml2-0:2.9.1-6.el7_9.13.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.1-6.el7_9.13?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.s390x",
"product": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.s390x",
"product_id": "libxml2-devel-0:2.9.1-6.el7_9.13.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.1-6.el7_9.13?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-python-0:2.9.1-6.el7_9.13.s390x",
"product": {
"name": "libxml2-python-0:2.9.1-6.el7_9.13.s390x",
"product_id": "libxml2-python-0:2.9.1-6.el7_9.13.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-python@2.9.1-6.el7_9.13?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390x",
"product": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390x",
"product_id": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.1-6.el7_9.13?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-static-0:2.9.1-6.el7_9.13.s390x",
"product": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.s390x",
"product_id": "libxml2-static-0:2.9.1-6.el7_9.13.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-static@2.9.1-6.el7_9.13?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.1-6.el7_9.13.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.i686"
},
"product_reference": "libxml2-0:2.9.1-6.el7_9.13.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.1-6.el7_9.13.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc"
},
"product_reference": "libxml2-0:2.9.1-6.el7_9.13.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.1-6.el7_9.13.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64"
},
"product_reference": "libxml2-0:2.9.1-6.el7_9.13.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.1-6.el7_9.13.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64le"
},
"product_reference": "libxml2-0:2.9.1-6.el7_9.13.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.1-6.el7_9.13.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.s390"
},
"product_reference": "libxml2-0:2.9.1-6.el7_9.13.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.1-6.el7_9.13.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.s390x"
},
"product_reference": "libxml2-0:2.9.1-6.el7_9.13.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.1-6.el7_9.13.src as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.src"
},
"product_reference": "libxml2-0:2.9.1-6.el7_9.13.src",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.1-6.el7_9.13.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.x86_64"
},
"product_reference": "libxml2-0:2.9.1-6.el7_9.13.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc"
},
"product_reference": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64"
},
"product_reference": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390"
},
"product_reference": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.i686"
},
"product_reference": "libxml2-devel-0:2.9.1-6.el7_9.13.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc"
},
"product_reference": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64"
},
"product_reference": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390"
},
"product_reference": "libxml2-devel-0:2.9.1-6.el7_9.13.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390x"
},
"product_reference": "libxml2-devel-0:2.9.1-6.el7_9.13.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.1-6.el7_9.13.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-python-0:2.9.1-6.el7_9.13.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64"
},
"product_reference": "libxml2-python-0:2.9.1-6.el7_9.13.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-python-0:2.9.1-6.el7_9.13.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64le"
},
"product_reference": "libxml2-python-0:2.9.1-6.el7_9.13.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-python-0:2.9.1-6.el7_9.13.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.s390x"
},
"product_reference": "libxml2-python-0:2.9.1-6.el7_9.13.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-python-0:2.9.1-6.el7_9.13.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.x86_64"
},
"product_reference": "libxml2-python-0:2.9.1-6.el7_9.13.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.i686"
},
"product_reference": "libxml2-static-0:2.9.1-6.el7_9.13.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc"
},
"product_reference": "libxml2-static-0:2.9.1-6.el7_9.13.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64"
},
"product_reference": "libxml2-static-0:2.9.1-6.el7_9.13.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64le"
},
"product_reference": "libxml2-static-0:2.9.1-6.el7_9.13.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390"
},
"product_reference": "libxml2-static-0:2.9.1-6.el7_9.13.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390x"
},
"product_reference": "libxml2-static-0:2.9.1-6.el7_9.13.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.x86_64"
},
"product_reference": "libxml2-static-0:2.9.1-6.el7_9.13.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.1-6.el7_9.13.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.i686"
},
"product_reference": "libxml2-0:2.9.1-6.el7_9.13.i686",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.1-6.el7_9.13.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc"
},
"product_reference": "libxml2-0:2.9.1-6.el7_9.13.ppc",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.1-6.el7_9.13.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64"
},
"product_reference": "libxml2-0:2.9.1-6.el7_9.13.ppc64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.1-6.el7_9.13.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64le"
},
"product_reference": "libxml2-0:2.9.1-6.el7_9.13.ppc64le",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.1-6.el7_9.13.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.s390"
},
"product_reference": "libxml2-0:2.9.1-6.el7_9.13.s390",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.1-6.el7_9.13.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.s390x"
},
"product_reference": "libxml2-0:2.9.1-6.el7_9.13.s390x",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.1-6.el7_9.13.src as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.src"
},
"product_reference": "libxml2-0:2.9.1-6.el7_9.13.src",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.1-6.el7_9.13.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.x86_64"
},
"product_reference": "libxml2-0:2.9.1-6.el7_9.13.x86_64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.i686",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc"
},
"product_reference": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64"
},
"product_reference": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64le",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390"
},
"product_reference": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390x",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.1-6.el7_9.13.x86_64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.i686"
},
"product_reference": "libxml2-devel-0:2.9.1-6.el7_9.13.i686",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc"
},
"product_reference": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64"
},
"product_reference": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.1-6.el7_9.13.ppc64le",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390"
},
"product_reference": "libxml2-devel-0:2.9.1-6.el7_9.13.s390",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390x"
},
"product_reference": "libxml2-devel-0:2.9.1-6.el7_9.13.s390x",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.1-6.el7_9.13.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.1-6.el7_9.13.x86_64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-python-0:2.9.1-6.el7_9.13.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64"
},
"product_reference": "libxml2-python-0:2.9.1-6.el7_9.13.ppc64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-python-0:2.9.1-6.el7_9.13.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64le"
},
"product_reference": "libxml2-python-0:2.9.1-6.el7_9.13.ppc64le",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-python-0:2.9.1-6.el7_9.13.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.s390x"
},
"product_reference": "libxml2-python-0:2.9.1-6.el7_9.13.s390x",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-python-0:2.9.1-6.el7_9.13.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.x86_64"
},
"product_reference": "libxml2-python-0:2.9.1-6.el7_9.13.x86_64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.i686"
},
"product_reference": "libxml2-static-0:2.9.1-6.el7_9.13.i686",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc"
},
"product_reference": "libxml2-static-0:2.9.1-6.el7_9.13.ppc",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64"
},
"product_reference": "libxml2-static-0:2.9.1-6.el7_9.13.ppc64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64le"
},
"product_reference": "libxml2-static-0:2.9.1-6.el7_9.13.ppc64le",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390"
},
"product_reference": "libxml2-static-0:2.9.1-6.el7_9.13.s390",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390x"
},
"product_reference": "libxml2-static-0:2.9.1-6.el7_9.13.s390x",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.9.1-6.el7_9.13.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.x86_64"
},
"product_reference": "libxml2-static-0:2.9.1-6.el7_9.13.x86_64",
"relates_to_product_reference": "7Server-optional-ELS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.i686",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.s390",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.src",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.x86_64",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.i686",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.x86_64",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.i686",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.x86_64",
"7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.x86_64",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.i686",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.i686",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.s390",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.src",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.i686",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.i686",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.i686",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-13T10:46:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.i686",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.s390",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.src",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.x86_64",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.i686",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.x86_64",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.i686",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.x86_64",
"7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.x86_64",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.i686",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.i686",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.s390",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.src",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.i686",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.i686",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.i686",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13789"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.i686",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.s390",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.src",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.x86_64",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.i686",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.x86_64",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.i686",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.x86_64",
"7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.x86_64",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.i686",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.i686",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.s390",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.src",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.i686",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.i686",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.i686",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.i686",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.s390",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.src",
"7Server-ELS:libxml2-0:2.9.1-6.el7_9.13.x86_64",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.i686",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.x86_64",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.i686",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.x86_64",
"7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-python-0:2.9.1-6.el7_9.13.x86_64",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.i686",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390x",
"7Server-ELS:libxml2-static-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.i686",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.s390",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.src",
"7Server-optional-ELS:libxml2-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.i686",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-debuginfo-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.i686",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-devel-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-python-0:2.9.1-6.el7_9.13.x86_64",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.i686",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.ppc64le",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.s390x",
"7Server-optional-ELS:libxml2-static-0:2.9.1-6.el7_9.13.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
rhsa-2025:13622
Vulnerability from csaf_redhat
Published
2025-08-11 11:42
Modified
2025-10-16 08:44
Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.5.2 release
Notes
Topic
Red Hat OpenShift distributed tracing platform (Jaeger) 3.5.2 has been released
Details
This release of the Red Hat OpenShift distributed tracing platform (Jaeger) provides security improvements.
Breaking changes:
* Nothing
Deprecations:
* Nothing
Technology Preview features:
* Nothing
Enhancements:
* Nothing
Bug fixes:
* https://access.redhat.com/security/cve/CVE-2025-7425
* https://access.redhat.com/security/cve/CVE-2025-8058
* https://access.redhat.com/security/cve/CVE-2025-32415
Known issues:
* Nothing
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift distributed tracing platform (Jaeger) 3.5.2 has been released",
"title": "Topic"
},
{
"category": "general",
"text": "This release of the Red Hat OpenShift distributed tracing platform (Jaeger) provides security improvements.\n\nBreaking changes:\n* Nothing\n\nDeprecations:\n* Nothing\n\nTechnology Preview features:\n* Nothing\n\nEnhancements:\n* Nothing\n\nBug fixes:\n* https://access.redhat.com/security/cve/CVE-2025-7425\n* https://access.redhat.com/security/cve/CVE-2025-8058\n* https://access.redhat.com/security/cve/CVE-2025-32415\n\nKnown issues:\n* Nothing",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13622",
"url": "https://access.redhat.com/errata/RHSA-2025:13622"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32415",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-7425",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8058",
"url": "https://access.redhat.com/security/cve/CVE-2025-8058"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/distributed_tracing/distributed-tracing-platform-jaeger",
"url": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/distributed_tracing/distributed-tracing-platform-jaeger"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13622.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.5.2 release",
"tracking": {
"current_release_date": "2025-10-16T08:44:39+00:00",
"generator": {
"date": "2025-10-16T08:44:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:13622",
"initial_release_date": "2025-08-11T11:42:43+00:00",
"revision_history": [
{
"date": "2025-08-11T11:42:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-11T11:42:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-16T08:44:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 3.5.2",
"product": {
"name": "Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559657"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559845"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256%3A264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754569861"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559691"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Ac56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559660"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559663"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:d9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:d9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:d9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Ad9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559657"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Af61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559651"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3Af5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559846"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:ef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:ef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:ef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3Aef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559657"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559845"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559691"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:deb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:deb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:deb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Adeb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559660"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559663"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Ab8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559657"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Ac6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559651"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559846"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3Aa3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559657"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Ab45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559845"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559691"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559660"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Aa49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559663"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3A453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559657"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:ef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:ef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:ef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Aef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559651"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559846"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559657"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559845"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559691"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559660"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559663"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3A0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559657"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Adc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559651"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.5-1754559846"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a_s390x as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:ef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:ef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:ef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295_s390x as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa_s390x as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d_s390x as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:deb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:deb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:deb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2_s390x as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962_s390x as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:d9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:d9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:d9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4_s390x as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b_arm64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8_s390x as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:ef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd_ppc64le as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:ef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:ef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab_amd64 as a component of Red Hat OpenShift distributed tracing 3.5.2",
"product_id": "Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.5.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:ef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:deb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:d9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:ef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-11T11:42:43+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:ef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:deb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:d9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:ef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13622"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:ef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:deb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:d9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:ef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:ef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:deb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:d9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:ef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-8058",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"discovery_date": "2025-07-23T20:00:41.541234+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2383146"
}
],
"notes": [
{
"category": "description",
"text": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: Double free in glibc",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-415: Double Free vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software configurations, while least functionality reduces the attack surface by enforcing safe memory allocation and deallocation practices, lowering the risk of double-free vulnerabilities. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code while providing real-time visibility into memory usage, reducing the risk of arbitrary code execution. Static code analysis and peer reviews enforce strong input validation and error handling, minimizing the risk of denial-of-service (DoS) attacks. In the event of successful exploitation, process isolation prevents compromised workloads from accessing other processes\u2019 memory, containing the potential impact. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory-related vulnerabilities.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:ef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:deb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:d9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:ef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8058"
},
{
"category": "external",
"summary": "RHBZ#2383146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383146"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33185",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33185"
},
{
"category": "external",
"summary": "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f",
"url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f"
}
],
"release_date": "2025-07-23T19:57:17.138000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-11T11:42:43+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:ef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:deb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:d9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:ef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13622"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:ef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:deb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:d9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:ef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:ef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:deb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:d9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:ef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: Double free in glibc"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:ef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:deb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:d9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:ef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-11T11:42:43+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:ef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:deb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:d9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:ef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13622"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:ef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:deb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:d9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:ef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6f387ea61bf4d0c11c8fadd8225d2eca24d19e28d596afa800149925154a345a_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:ef10956a206329b8213fb31855fbcc849d00e1e44adb307985009be2bfdb966e_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:1ed7ca9ba1fe229bb04b4b59b0a7161286786c025d5dbe688d3e68e0af85945b_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:57ef3d922681abc67745773f5f7232b23038767b05b5b4c713c3b5089ea9e295_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:593c9e2656e624b444bd45740c6e556c06137ab6cf7aaa0387799b10669b74e9_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:8b7e39460aebbd3bcefa9383c2d1f3df0d5dd57ee306ce89550fb8c46721819b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:9b7a37d182cfba30af3697887ee7c4faa3768f600dd6ec7dc35be26eba9b123d_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:deb807f053dacbbea6e950e13ee123bb8b9184e0d8eca0d04d5e8f48d3ef6a95_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:9a17a95797aa5ec5252ea801a4962d1a6a903facafe79dcc321a54fadfa9fee3_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:a49b8de5c60cd6af7fd0d70fbf0c7e9ae0b4e26eebe2ed2b4490e756ff07fa9c_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:b8ab8265ceed867796cf63e05b3c2b161ef289ec0ff1337c4b5c763228e747f3_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:d9b89779a57f1763bca3e68867447faa25da1846ffeae626309a1756b45d210a_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:43ce372ddc2de4dc633322ec84fca9927d5a6649068f58cfaa238de39d03a0d2_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:86d7a8aed1a64c10b5a52f56966645ed62ee40cd38c034bfe00b87ee4e3558a4_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f_amd64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b_arm64",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8_s390x",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:ef79fd809a6406f43bc90dc685ca2819694096abe4c4de7f6302a09683f883fd_ppc64le",
"Red Hat OpenShift distributed tracing 3.5.2:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f61bf9363bf43e6e6f0156d1c2eeeecef927a46e0940062429a47a058da057ab_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
rhsa-2025:13429
Vulnerability from csaf_redhat
Published
2025-08-07 13:27
Modified
2025-10-10 17:37
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libxml2 is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13429",
"url": "https://access.redhat.com/errata/RHSA-2025:13429"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13429.json"
}
],
"title": "Red Hat Security Advisory: libxml2 security update",
"tracking": {
"current_release_date": "2025-10-10T17:37:13+00:00",
"generator": {
"date": "2025-10-10T17:37:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:13429",
"initial_release_date": "2025-08-07T13:27:50+00:00",
"revision_history": [
{
"date": "2025-08-07T13:27:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-22T13:04:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-10T17:37:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.12.5-9.el10_0.src",
"product": {
"name": "libxml2-0:2.12.5-9.el10_0.src",
"product_id": "libxml2-0:2.12.5-9.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.12.5-9.el10_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.12.5-9.el10_0.aarch64",
"product": {
"name": "libxml2-0:2.12.5-9.el10_0.aarch64",
"product_id": "libxml2-0:2.12.5-9.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.12.5-9.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"product": {
"name": "python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"product_id": "python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.12.5-9.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"product": {
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"product_id": "libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.12.5-9.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"product": {
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"product_id": "libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.12.5-9.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"product_id": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.12.5-9.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"product": {
"name": "libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"product_id": "libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.12.5-9.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-static-0:2.12.5-9.el10_0.aarch64",
"product": {
"name": "libxml2-static-0:2.12.5-9.el10_0.aarch64",
"product_id": "libxml2-static-0:2.12.5-9.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-static@2.12.5-9.el10_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.12.5-9.el10_0.ppc64le",
"product": {
"name": "libxml2-0:2.12.5-9.el10_0.ppc64le",
"product_id": "libxml2-0:2.12.5-9.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.12.5-9.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"product": {
"name": "python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"product_id": "python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.12.5-9.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"product": {
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"product_id": "libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.12.5-9.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"product": {
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"product_id": "libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.12.5-9.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"product": {
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"product_id": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.12.5-9.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"product": {
"name": "libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"product_id": "libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.12.5-9.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"product": {
"name": "libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"product_id": "libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-static@2.12.5-9.el10_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.12.5-9.el10_0.x86_64",
"product": {
"name": "libxml2-0:2.12.5-9.el10_0.x86_64",
"product_id": "libxml2-0:2.12.5-9.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.12.5-9.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"product": {
"name": "python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"product_id": "python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.12.5-9.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"product": {
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"product_id": "libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.12.5-9.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"product": {
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"product_id": "libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.12.5-9.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"product_id": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.12.5-9.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"product": {
"name": "libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"product_id": "libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.12.5-9.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-static-0:2.12.5-9.el10_0.x86_64",
"product": {
"name": "libxml2-static-0:2.12.5-9.el10_0.x86_64",
"product_id": "libxml2-static-0:2.12.5-9.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-static@2.12.5-9.el10_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.12.5-9.el10_0.s390x",
"product": {
"name": "libxml2-0:2.12.5-9.el10_0.s390x",
"product_id": "libxml2-0:2.12.5-9.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.12.5-9.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.12.5-9.el10_0.s390x",
"product": {
"name": "python3-libxml2-0:2.12.5-9.el10_0.s390x",
"product_id": "python3-libxml2-0:2.12.5-9.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.12.5-9.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"product": {
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"product_id": "libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.12.5-9.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"product": {
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"product_id": "libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.12.5-9.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"product": {
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"product_id": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.12.5-9.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.12.5-9.el10_0.s390x",
"product": {
"name": "libxml2-devel-0:2.12.5-9.el10_0.s390x",
"product_id": "libxml2-devel-0:2.12.5-9.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.12.5-9.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-static-0:2.12.5-9.el10_0.s390x",
"product": {
"name": "libxml2-static-0:2.12.5-9.el10_0.s390x",
"product_id": "libxml2-static-0:2.12.5-9.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-static@2.12.5-9.el10_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "libxml2-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "libxml2-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "libxml2-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.12.5-9.el10_0.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.src"
},
"product_reference": "libxml2-0:2.12.5-9.el10_0.src",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "libxml2-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "libxml2-devel-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "libxml2-static-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "libxml2-static-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "libxml2-static-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "python3-libxml2-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "libxml2-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "libxml2-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "libxml2-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.12.5-9.el10_0.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.src"
},
"product_reference": "libxml2-0:2.12.5-9.el10_0.src",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "libxml2-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "libxml2-devel-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "libxml2-static-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "libxml2-static-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "libxml2-static-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "python3-libxml2-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "libxml2-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "libxml2-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "libxml2-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.12.5-9.el10_0.src as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.src"
},
"product_reference": "libxml2-0:2.12.5-9.el10_0.src",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "libxml2-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "libxml2-devel-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "libxml2-static-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "libxml2-static-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-static-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "libxml2-static-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "python3-libxml2-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"relates_to_product_reference": "CRB-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"relates_to_product_reference": "CRB-10.0.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a succesful exploitation of this bug requires local access, on top of that the path to exploiation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and charcters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by redhat.\n\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-393: Return of Wrong Status Code vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational needs, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect and respond to threats in real time, helping prevent or limit exploitation attempts. Robust input validation and error handling ensure all user inputs are thoroughly validated, supporting consistent and secure system responses.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-07T13:27:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13429"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-07T13:27:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13429"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"AppStream-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"AppStream-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"BaseOS-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"BaseOS-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.src",
"CRB-10.0.Z:libxml2-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-debugsource-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-devel-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:libxml2-static-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:python3-libxml2-0:2.12.5-9.el10_0.x86_64",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.aarch64",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.ppc64le",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.s390x",
"CRB-10.0.Z:python3-libxml2-debuginfo-0:2.12.5-9.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
rhsa-2025:14819
Vulnerability from csaf_redhat
Published
2025-09-02 19:25
Modified
2025-10-16 08:44
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.19.10 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.19.10 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.19.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.19.10. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2025:14817
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/release_notes/
Security Fix(es):
* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.19 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.19.10 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.19.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.19.10. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2025:14817\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/release_notes/\n\nSecurity Fix(es):\n\n* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.19 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14819",
"url": "https://access.redhat.com/errata/RHSA-2025:14819"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/release_notes/",
"url": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/release_notes/"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "OCPBUGS-58905",
"url": "https://issues.redhat.com/browse/OCPBUGS-58905"
},
{
"category": "external",
"summary": "OCPBUGS-60925",
"url": "https://issues.redhat.com/browse/OCPBUGS-60925"
},
{
"category": "external",
"summary": "OCPBUGS-60949",
"url": "https://issues.redhat.com/browse/OCPBUGS-60949"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14819.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.19.10 bug fix and security update",
"tracking": {
"current_release_date": "2025-10-16T08:44:44+00:00",
"generator": {
"date": "2025-10-16T08:44:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:14819",
"initial_release_date": "2025-09-02T19:25:33+00:00",
"revision_history": [
{
"date": "2025-09-02T19:25:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-02T19:25:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-16T08:44:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.19",
"product": {
"name": "Red Hat OpenShift Container Platform 4.19",
"product_id": "Red Hat OpenShift Container Platform 4.19",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.19::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.19"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-02T19:25:33+00:00",
"details": "For OpenShift Container Platform 4.19 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:2f9145136fb387d43c7fff55b30a036c14eb96b0992c292274b6f543c6c33857\n\n (For s390x architecture)\n The image digest is sha256:a7abeba0f7c9f810ae85ce6cd7d12e926af6143f9236e3c09eec54f71504c999\n\n (For ppc64le architecture)\n The image digest is sha256:890b7b27500f0efaa9c10f45c59303d119fbe70a0d29762d45a279bd65e86745\n\n (For aarch64 architecture)\n The image digest is sha256:4d3205f720af3af84c842db70ce08f16c4f98a86ea63c57aa85fe5dc12c6d672\n\nAll OpenShift Container Platform 4.19 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.19"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14819"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.19"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.19"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a succesful exploitation of this bug requires local access, on top of that the path to exploiation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and charcters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by redhat.\n\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-393: Return of Wrong Status Code vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational needs, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect and respond to threats in real time, helping prevent or limit exploitation attempts. Robust input validation and error handling ensure all user inputs are thoroughly validated, supporting consistent and secure system responses.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.19"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-02T19:25:33+00:00",
"details": "For OpenShift Container Platform 4.19 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:2f9145136fb387d43c7fff55b30a036c14eb96b0992c292274b6f543c6c33857\n\n (For s390x architecture)\n The image digest is sha256:a7abeba0f7c9f810ae85ce6cd7d12e926af6143f9236e3c09eec54f71504c999\n\n (For ppc64le architecture)\n The image digest is sha256:890b7b27500f0efaa9c10f45c59303d119fbe70a0d29762d45a279bd65e86745\n\n (For aarch64 architecture)\n The image digest is sha256:4d3205f720af3af84c842db70ce08f16c4f98a86ea63c57aa85fe5dc12c6d672\n\nAll OpenShift Container Platform 4.19 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.19"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14819"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.19"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.19"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.19"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-02T19:25:33+00:00",
"details": "For OpenShift Container Platform 4.19 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:2f9145136fb387d43c7fff55b30a036c14eb96b0992c292274b6f543c6c33857\n\n (For s390x architecture)\n The image digest is sha256:a7abeba0f7c9f810ae85ce6cd7d12e926af6143f9236e3c09eec54f71504c999\n\n (For ppc64le architecture)\n The image digest is sha256:890b7b27500f0efaa9c10f45c59303d119fbe70a0d29762d45a279bd65e86745\n\n (For aarch64 architecture)\n The image digest is sha256:4d3205f720af3af84c842db70ce08f16c4f98a86ea63c57aa85fe5dc12c6d672\n\nAll OpenShift Container Platform 4.19 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.19"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14819"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.19"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.19"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
rhsa-2025:15672
Vulnerability from csaf_redhat
Published
2025-09-18 05:46
Modified
2025-10-16 08:44
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.13.60 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.13.60 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.13.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.13.60. There are no RPM packages for this release:
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes
Security Fix(es):
* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in
xmlAttrPtr (CVE-2025-7425)
* sudo: LPE via host option (CVE-2025-32462)
* git: Git arbitrary code execution (CVE-2025-48384)
* git: Git arbitrary file writes (CVE-2025-48385)
* libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer
Overflow in libxml2 (CVE-2025-6021)
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
(CVE-2025-32415)
* jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute
(jv_string_vfmt) (CVE-2025-48060)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.13 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.13.60 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.13.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.13.60. There are no RPM packages for this release:\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nSecurity Fix(es):\n\n* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in\nxmlAttrPtr (CVE-2025-7425)\n* sudo: LPE via host option (CVE-2025-32462)\n* git: Git arbitrary code execution (CVE-2025-48384)\n* git: Git arbitrary file writes (CVE-2025-48385)\n* libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer\nOverflow in libxml2 (CVE-2025-6021)\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables\n(CVE-2025-32415)\n* jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute\n(jv_string_vfmt) (CVE-2025-48060)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15672",
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "2367842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367842"
},
{
"category": "external",
"summary": "2372406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
},
{
"category": "external",
"summary": "2374692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374692"
},
{
"category": "external",
"summary": "2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15672.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.13.60 bug fix and security update",
"tracking": {
"current_release_date": "2025-10-16T08:44:49+00:00",
"generator": {
"date": "2025-10-16T08:44:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:15672",
"initial_release_date": "2025-09-18T05:46:13+00:00",
"revision_history": [
{
"date": "2025-09-18T05:46:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-18T05:46:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-16T08:44:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.13",
"product": {
"name": "Red Hat OpenShift Container Platform 4.13",
"product_id": "Red Hat OpenShift Container Platform 4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.13::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ahmed Lekssays"
]
}
],
"cve": "CVE-2025-6021",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-12T07:55:45.428000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372406"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2\u0027s xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate due to the lack of confidentiality impact and limited integrity concerns, with the main risk being potential denial-of-service from a crash. Exploitation requires crafted XML input and specific application behavior using xmlBuildQName. While it\u2019s a write overflow, modern mitigations make remote code execution unlikely.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.13"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6021"
},
{
"category": "external",
"summary": "RHBZ#2372406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021"
}
],
"release_date": "2025-06-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.13"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Users are strongly advised to apply vendor-supplied patches as soon as they become available to address the underlying integer overflow flaw in the affected code.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.13"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.13"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.13"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.13"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.13"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.13"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a succesful exploitation of this bug requires local access, on top of that the path to exploiation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and charcters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by redhat.\n\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-393: Return of Wrong Status Code vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational needs, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect and respond to threats in real time, helping prevent or limit exploitation attempts. Robust input validation and error handling ensure all user inputs are thoroughly validated, supporting consistent and secure system responses.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.13"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.13"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.13"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.13"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.13"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.13"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.13"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.13"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
},
{
"cve": "CVE-2025-32462",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-06-24T21:21:40.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374692"
}
],
"notes": [
{
"category": "description",
"text": "A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option (`-h` or `--host`). When using the default sudo security policy plugin (sudoers), the host option is intended to be used in conjunction with the list option (`-l` or `--list`) to determine what permissions a user has on a different system. However, this restriction can be bypassed, allowing a user to elevate their privileges on one system to the privileges they may have on a different system, effectively ignoring the host identifier in any sudoers rules. This vulnerability is particularly impactful for systems that share a single sudoers configuration file across multiple computers or use network-based user directories, such as LDAP, to provide sudoers rules on a system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sudo: LPE via host option",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as a Local Privilege Escalation (LPE), meaning an attacker needs an authenticated account before they could exploit it. Due to this restriction, the severity is rated Important. Additionally, for a system to be vulnerable, it must already be in a non-default configuration.\n\nThe system\u2019s sudoers file must contain rules that define that user\u2019s privileges on a different system. There are multiple mechanisms a system administrator could use to distribute sudoers rules, such as LDAP, Ansible playbooks, or via inclusion in a \u201cGolden Image,\u201d and therefore may be affected by this vulnerability. In environments using LDAP to manage sudoers files, look for sudoRoles objects that use sudoHost values to manage different levels of user privliges across multiple systems.\n\nIn situations where host A\u2019s sudoers rules include permissions defined for another host B, a user on host A could use the privileges granted to them on host B while logged into host A. For example, a sudoers file on hostA and hostB might include the following rules:\n```\nAlice\thostA = ALL\nBob\thostB = ALL\n```\nIf Bob logs into hostA and runs `sudo some command`, Sudo will check that Bob has permission to run `some command` on hostA. Since Bob does NOT have that privilege on hostA, Sudo will deny the requested command.\n\nHowever, the local Sudo rules on hostA can be bypassed if Bob logs into hostA and runs `sudo -h hostB some command`. In this case, Sudo will verify that Bob has permission to run `some command` on hostB. Since Bob does have that privilege, Sudo will run the requested command on hostA, where Bob is currently logged in.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.13"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32462"
},
{
"category": "external",
"summary": "RHBZ#2374692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374692"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32462",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32462"
},
{
"category": "external",
"summary": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host",
"url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host"
},
{
"category": "external",
"summary": "https://www.sudo.ws/security/advisories/host_any/",
"url": "https://www.sudo.ws/security/advisories/host_any/"
}
],
"release_date": "2025-06-30T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.13"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "For environments using sudoers files: Remove rules defined in sudoers files that are for any system other than the local system.\n\nFor environments using LDAP: Use a narrow-scoped search path in the SSSD configuration so rules that don\u2019t apply to a system are not included in the LDAP query results.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.13"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.13"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sudo: LPE via host option"
},
{
"cve": "CVE-2025-48060",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"discovery_date": "2025-05-21T18:00:55.721838+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367842"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing a specially crafted JSON input, allowing an attacker to trigger a buffer over-read of 2 bytes and cause a crash in jq with no other security impact. Due to these reasons, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-126: Buffer Over-read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nMemory access boundaries are enforced through secure coding practices, including bounds checking and automated detection of over-read conditions during development. Static analysis and peer reviews catch improper memory handling early, reducing the risk of vulnerabilities reaching production. Memory protection mechanisms restrict access to allocated regions at runtime, and process isolation contains memory faults within the affected workload. Additionally, a defense-in-depth monitoring strategy supports real-time detection of anomalous memory activity, enabling rapid response and limiting potential impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.13"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48060"
},
{
"category": "external",
"summary": "RHBZ#2367842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48060"
},
{
"category": "external",
"summary": "https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w",
"url": "https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w"
}
],
"release_date": "2025-05-21T17:32:43.602000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.13"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "Do not process untrusted input with the jq command line JSON processor.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.13"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.13"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)"
},
{
"cve": "CVE-2025-48384",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-07-08T19:00:48.297925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378806"
}
],
"notes": [
{
"category": "description",
"text": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important and not Moderate flaw because it undermines Git\u2019s path and config integrity by allowing carriage return (\\r) injection to manipulate submodule checkout behavior. Git previously failed to quote config values containing trailing CR, causing the value to be misinterpreted when read back. In the context of submodules, this leads to incorrect path resolution, allowing an attacker to redirect the checkout path via a symlink to a sensitive directory like .git/modules/\u003csubmodule\u003e/hooks. If an executable post-checkout hook exists there, it could be inadvertently executed, resulting in arbitrary code execution during submodule operations. This is particularly dangerous in automated CI/CD pipelines or multi-repo projects where submodules are initialized or updated without manual inspection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.13"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48384"
},
{
"category": "external",
"summary": "RHBZ#2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
},
{
"category": "external",
"summary": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384",
"url": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384"
},
{
"category": "external",
"summary": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89",
"url": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-07-08T18:23:48.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.13"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using --recurse-submodules when cloning repositories from untrusted sources; instead, clone normally and only initialize or update submodules manually after reviewing them.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.13"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.13"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-08-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary code execution"
},
{
"cve": "CVE-2025-48385",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:55.106787+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378808"
}
],
"notes": [
{
"category": "description",
"text": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary file writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than a Moderate flaw because it enables protocol injection at the transport layer of Git\u0027s bundle-uri mechanism, allowing a remote server to manipulate how and where data is written on the client system during a clone operation. The lack of input sanitization on user-controlled values like the URI and target path means that malformed inputs containing spaces or newlines can break protocol framing, leading to arbitrary file writes. In scenarios such as CI pipelines, developer environments, or recursive clones with submodules, an attacker can exploit this to overwrite critical files or inject malicious content, potentially achieving remote code execution (RCE).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Container Platform 4.13"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48385"
},
{
"category": "external",
"summary": "RHBZ#2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655",
"url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"
}
],
"release_date": "2025-07-08T18:23:44.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.13"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Container Platform 4.13"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Container Platform 4.13"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary file writes"
}
]
}
rhsa-2025:13788
Vulnerability from csaf_redhat
Published
2025-08-13 10:38
Modified
2025-10-08 15:28
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libxml2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13788",
"url": "https://access.redhat.com/errata/RHSA-2025:13788"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13788.json"
}
],
"title": "Red Hat Security Advisory: libxml2 security update",
"tracking": {
"current_release_date": "2025-10-08T15:28:41+00:00",
"generator": {
"date": "2025-10-08T15:28:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:13788",
"initial_release_date": "2025-08-13T10:38:41+00:00",
"revision_history": [
{
"date": "2025-08-13T10:38:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-13T10:38:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-08T15:28:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.4::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"product": {
"name": "libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"product_id": "libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_4.8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"product": {
"name": "libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"product_id": "libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_4.8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"product": {
"name": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"product_id": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_4.8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_4.8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.7-9.el8_4.8.i686",
"product": {
"name": "libxml2-0:2.9.7-9.el8_4.8.i686",
"product_id": "libxml2-0:2.9.7-9.el8_4.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"product": {
"name": "libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"product_id": "libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_4.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"product": {
"name": "libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"product_id": "libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_4.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"product": {
"name": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"product_id": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_4.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_4.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-0:2.9.7-9.el8_4.8.x86_64",
"product": {
"name": "libxml2-0:2.9.7-9.el8_4.8.x86_64",
"product_id": "libxml2-0:2.9.7-9.el8_4.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"product": {
"name": "python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"product_id": "python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-9.el8_4.8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.7-9.el8_4.8.src",
"product": {
"name": "libxml2-0:2.9.7-9.el8_4.8.src",
"product_id": "libxml2-0:2.9.7-9.el8_4.8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "libxml2-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-9.el8_4.8.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.src"
},
"product_reference": "libxml2-0:2.9.7-9.el8_4.8.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "libxml2-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "libxml2-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-9.el8_4.8.src as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.src"
},
"product_reference": "libxml2-0:2.9.7-9.el8_4.8.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "libxml2-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "libxml2-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-9.el8_4.8.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.src"
},
"product_reference": "libxml2-0:2.9.7-9.el8_4.8.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "libxml2-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "libxml2-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-9.el8_4.8.src as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.src"
},
"product_reference": "libxml2-0:2.9.7-9.el8_4.8.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "libxml2-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.src",
"AppStream-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.src",
"BaseOS-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-13T10:38:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.src",
"AppStream-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.src",
"BaseOS-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13788"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.src",
"AppStream-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.src",
"BaseOS-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.src",
"AppStream-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.src",
"BaseOS-8.4.0.Z.AUS:libxml2-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-debugsource-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libxml2-devel-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:python3-libxml2-0:2.9.7-9.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
rhsa-2025:14186
Vulnerability from csaf_redhat
Published
2025-08-20 16:02
Modified
2025-10-08 15:28
Summary
Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
Notes
Topic
A Subscription Management tool for finding and reporting Red Hat product usage
Details
Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their operating systems, and relevant configuration data stored within them. Discovery also identifies and reports more detailed facts for some versions of key Red Hat packages and products that it finds in the network.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their operating systems, and relevant configuration data stored within them. Discovery also identifies and reports more detailed facts for some versions of key Red Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14186",
"url": "https://access.redhat.com/errata/RHSA-2025:14186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32415",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8058",
"url": "https://access.redhat.com/security/cve/CVE-2025-8058"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14186.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2025-10-08T15:28:43+00:00",
"generator": {
"date": "2025-10-08T15:28:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:14186",
"initial_release_date": "2025-08-20T16:02:39+00:00",
"revision_history": [
{
"date": "2025-08-20T16:02:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-20T16:02:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-08T15:28:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7d200c5dcd40e0885171fe20e3edb5d432a8675080846fb3ba273c601c5957a1_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7d200c5dcd40e0885171fe20e3edb5d432a8675080846fb3ba273c601c5957a1_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7d200c5dcd40e0885171fe20e3edb5d432a8675080846fb3ba273c601c5957a1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A7d200c5dcd40e0885171fe20e3edb5d432a8675080846fb3ba273c601c5957a1?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.1.0-1755553939"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:9406c22bb1db456a5c81251cf1763822eb008504ad654203a1edc77076596c1d_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:9406c22bb1db456a5c81251cf1763822eb008504ad654203a1edc77076596c1d_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:9406c22bb1db456a5c81251cf1763822eb008504ad654203a1edc77076596c1d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A9406c22bb1db456a5c81251cf1763822eb008504ad654203a1edc77076596c1d?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.1.0-1755621568"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6464f1f591001fd514a87e3c7347d2ce709b9c97edaad2d0d649ae69499049e9_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6464f1f591001fd514a87e3c7347d2ce709b9c97edaad2d0d649ae69499049e9_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6464f1f591001fd514a87e3c7347d2ce709b9c97edaad2d0d649ae69499049e9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A6464f1f591001fd514a87e3c7347d2ce709b9c97edaad2d0d649ae69499049e9?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.1.0-1755553939"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:433bf55ccfa4cf7280f586fb3471bf84246e7f428f8ee9e99de9e36b635b7b09_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:433bf55ccfa4cf7280f586fb3471bf84246e7f428f8ee9e99de9e36b635b7b09_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:433bf55ccfa4cf7280f586fb3471bf84246e7f428f8ee9e99de9e36b635b7b09_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A433bf55ccfa4cf7280f586fb3471bf84246e7f428f8ee9e99de9e36b635b7b09?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.1.0-1755621568"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6464f1f591001fd514a87e3c7347d2ce709b9c97edaad2d0d649ae69499049e9_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6464f1f591001fd514a87e3c7347d2ce709b9c97edaad2d0d649ae69499049e9_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6464f1f591001fd514a87e3c7347d2ce709b9c97edaad2d0d649ae69499049e9_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7d200c5dcd40e0885171fe20e3edb5d432a8675080846fb3ba273c601c5957a1_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7d200c5dcd40e0885171fe20e3edb5d432a8675080846fb3ba273c601c5957a1_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7d200c5dcd40e0885171fe20e3edb5d432a8675080846fb3ba273c601c5957a1_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:433bf55ccfa4cf7280f586fb3471bf84246e7f428f8ee9e99de9e36b635b7b09_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:433bf55ccfa4cf7280f586fb3471bf84246e7f428f8ee9e99de9e36b635b7b09_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:433bf55ccfa4cf7280f586fb3471bf84246e7f428f8ee9e99de9e36b635b7b09_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:9406c22bb1db456a5c81251cf1763822eb008504ad654203a1edc77076596c1d_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:9406c22bb1db456a5c81251cf1763822eb008504ad654203a1edc77076596c1d_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:9406c22bb1db456a5c81251cf1763822eb008504ad654203a1edc77076596c1d_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8058",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"discovery_date": "2025-07-23T20:00:41.541234+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:433bf55ccfa4cf7280f586fb3471bf84246e7f428f8ee9e99de9e36b635b7b09_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:9406c22bb1db456a5c81251cf1763822eb008504ad654203a1edc77076596c1d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2383146"
}
],
"notes": [
{
"category": "description",
"text": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: Double free in glibc",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-415: Double Free vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software configurations, while least functionality reduces the attack surface by enforcing safe memory allocation and deallocation practices, lowering the risk of double-free vulnerabilities. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code while providing real-time visibility into memory usage, reducing the risk of arbitrary code execution. Static code analysis and peer reviews enforce strong input validation and error handling, minimizing the risk of denial-of-service (DoS) attacks. In the event of successful exploitation, process isolation prevents compromised workloads from accessing other processes\u2019 memory, containing the potential impact. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory-related vulnerabilities.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6464f1f591001fd514a87e3c7347d2ce709b9c97edaad2d0d649ae69499049e9_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7d200c5dcd40e0885171fe20e3edb5d432a8675080846fb3ba273c601c5957a1_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:433bf55ccfa4cf7280f586fb3471bf84246e7f428f8ee9e99de9e36b635b7b09_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:9406c22bb1db456a5c81251cf1763822eb008504ad654203a1edc77076596c1d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8058"
},
{
"category": "external",
"summary": "RHBZ#2383146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383146"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33185",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33185"
},
{
"category": "external",
"summary": "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f",
"url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f"
}
],
"release_date": "2025-07-23T19:57:17.138000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-20T16:02:39+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6464f1f591001fd514a87e3c7347d2ce709b9c97edaad2d0d649ae69499049e9_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7d200c5dcd40e0885171fe20e3edb5d432a8675080846fb3ba273c601c5957a1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14186"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6464f1f591001fd514a87e3c7347d2ce709b9c97edaad2d0d649ae69499049e9_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7d200c5dcd40e0885171fe20e3edb5d432a8675080846fb3ba273c601c5957a1_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:433bf55ccfa4cf7280f586fb3471bf84246e7f428f8ee9e99de9e36b635b7b09_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:9406c22bb1db456a5c81251cf1763822eb008504ad654203a1edc77076596c1d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6464f1f591001fd514a87e3c7347d2ce709b9c97edaad2d0d649ae69499049e9_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7d200c5dcd40e0885171fe20e3edb5d432a8675080846fb3ba273c601c5957a1_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:433bf55ccfa4cf7280f586fb3471bf84246e7f428f8ee9e99de9e36b635b7b09_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:9406c22bb1db456a5c81251cf1763822eb008504ad654203a1edc77076596c1d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: Double free in glibc"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:433bf55ccfa4cf7280f586fb3471bf84246e7f428f8ee9e99de9e36b635b7b09_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:9406c22bb1db456a5c81251cf1763822eb008504ad654203a1edc77076596c1d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6464f1f591001fd514a87e3c7347d2ce709b9c97edaad2d0d649ae69499049e9_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7d200c5dcd40e0885171fe20e3edb5d432a8675080846fb3ba273c601c5957a1_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:433bf55ccfa4cf7280f586fb3471bf84246e7f428f8ee9e99de9e36b635b7b09_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:9406c22bb1db456a5c81251cf1763822eb008504ad654203a1edc77076596c1d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-20T16:02:39+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6464f1f591001fd514a87e3c7347d2ce709b9c97edaad2d0d649ae69499049e9_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7d200c5dcd40e0885171fe20e3edb5d432a8675080846fb3ba273c601c5957a1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14186"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6464f1f591001fd514a87e3c7347d2ce709b9c97edaad2d0d649ae69499049e9_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7d200c5dcd40e0885171fe20e3edb5d432a8675080846fb3ba273c601c5957a1_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:433bf55ccfa4cf7280f586fb3471bf84246e7f428f8ee9e99de9e36b635b7b09_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:9406c22bb1db456a5c81251cf1763822eb008504ad654203a1edc77076596c1d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6464f1f591001fd514a87e3c7347d2ce709b9c97edaad2d0d649ae69499049e9_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7d200c5dcd40e0885171fe20e3edb5d432a8675080846fb3ba273c601c5957a1_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:433bf55ccfa4cf7280f586fb3471bf84246e7f428f8ee9e99de9e36b635b7b09_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:9406c22bb1db456a5c81251cf1763822eb008504ad654203a1edc77076596c1d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
wid-sec-w-2025-1905
Vulnerability from csaf_certbund
Published
2025-08-25 22:00
Modified
2025-08-27 22:00
Summary
IBM QRadar SIEM Komponente: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff
Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM Komponenten ausnutzen, um Daten zu manipulieren, um einen Denial of Service Angriff durchzuführen, um beliebigen Programmcode auszuführen, um Sicherheitsvorkehrungen zu umgehen, und um Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
- UNIX
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM Komponenten ausnutzen, um Daten zu manipulieren, um einen Denial of Service Angriff durchzuf\u00fchren, um beliebigen Programmcode auszuf\u00fchren, um Sicherheitsvorkehrungen zu umgehen, und um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1905 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1905.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1905 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1905"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7243011 vom 2025-08-25",
"url": "https://www.ibm.com/support/pages/node/7243011"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14746 vom 2025-08-27",
"url": "https://access.redhat.com/errata/RHSA-2025:14746"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14748 vom 2025-08-27",
"url": "https://access.redhat.com/errata/RHSA-2025:14748"
}
],
"source_lang": "en-US",
"title": "IBM QRadar SIEM Komponente: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-08-27T22:00:00.000+00:00",
"generator": {
"date": "2025-08-28T05:52:03.530+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1905",
"initial_release_date": "2025-08-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-08-27T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP13 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP13 IF01",
"product_id": "T046492"
}
},
{
"category": "product_version",
"name": "7.5.0 UP13 IF01",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP13 IF01",
"product_id": "T046492-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up13_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-17543",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2019-17543"
},
{
"cve": "CVE-2019-5427",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2019-5427"
},
{
"cve": "CVE-2020-5260",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2020-5260"
},
{
"cve": "CVE-2022-49058",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2022-49058"
},
{
"cve": "CVE-2022-49111",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2022-49111"
},
{
"cve": "CVE-2022-49136",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2022-49136"
},
{
"cve": "CVE-2022-49788",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2022-49788"
},
{
"cve": "CVE-2022-49846",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2022-49846"
},
{
"cve": "CVE-2022-49977",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2022-49977"
},
{
"cve": "CVE-2022-50020",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2022-50020"
},
{
"cve": "CVE-2024-23337",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2024-23337"
},
{
"cve": "CVE-2024-28956",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2024-28956"
},
{
"cve": "CVE-2024-34397",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2024-34397"
},
{
"cve": "CVE-2024-43420",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2024-43420"
},
{
"cve": "CVE-2024-45332",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2024-45332"
},
{
"cve": "CVE-2024-50154",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2024-50154"
},
{
"cve": "CVE-2024-50349",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2024-50349"
},
{
"cve": "CVE-2024-52006",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2024-52006"
},
{
"cve": "CVE-2024-52533",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2024-52533"
},
{
"cve": "CVE-2024-53920",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2024-53920"
},
{
"cve": "CVE-2024-54661",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2024-54661"
},
{
"cve": "CVE-2024-57980",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2024-57980"
},
{
"cve": "CVE-2024-58002",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2024-58002"
},
{
"cve": "CVE-2024-6531",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2024-6531"
},
{
"cve": "CVE-2025-20012",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-20012"
},
{
"cve": "CVE-2025-20623",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-20623"
},
{
"cve": "CVE-2025-21905",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-21905"
},
{
"cve": "CVE-2025-21919",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-21919"
},
{
"cve": "CVE-2025-21928",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-21928"
},
{
"cve": "CVE-2025-21991",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-21991"
},
{
"cve": "CVE-2025-22004",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-22004"
},
{
"cve": "CVE-2025-22020",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-22020"
},
{
"cve": "CVE-2025-23150",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-23150"
},
{
"cve": "CVE-2025-24495",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-24495"
},
{
"cve": "CVE-2025-27613",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-27613"
},
{
"cve": "CVE-2025-27614",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-27614"
},
{
"cve": "CVE-2025-32415",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-32415"
},
{
"cve": "CVE-2025-37738",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-37738"
},
{
"cve": "CVE-2025-37890",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-37890"
},
{
"cve": "CVE-2025-38052",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-38052"
},
{
"cve": "CVE-2025-38079",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-38079"
},
{
"cve": "CVE-2025-38086",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-38086"
},
{
"cve": "CVE-2025-4373",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-4373"
},
{
"cve": "CVE-2025-46835",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-46835"
},
{
"cve": "CVE-2025-47273",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-47273"
},
{
"cve": "CVE-2025-48060",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-48060"
},
{
"cve": "CVE-2025-48384",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-48384"
},
{
"cve": "CVE-2025-48385",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-48385"
},
{
"cve": "CVE-2025-49794",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-49794"
},
{
"cve": "CVE-2025-49796",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-52434",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-52434"
},
{
"cve": "CVE-2025-52520",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-52520"
},
{
"cve": "CVE-2025-53506",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-53506"
},
{
"cve": "CVE-2025-55668",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-55668"
},
{
"cve": "CVE-2025-6021",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-6021"
},
{
"cve": "CVE-2025-6965",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-7425",
"product_status": {
"known_affected": [
"67646",
"T046492"
]
},
"release_date": "2025-08-25T22:00:00.000+00:00",
"title": "CVE-2025-7425"
}
]
}
wid-sec-w-2025-1567
Vulnerability from csaf_certbund
Published
2025-07-15 22:00
Modified
2025-09-17 22:00
Summary
Oracle MySQL: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
MySQL ist ein Open Source Datenbankserver von Oracle.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "MySQL ist ein Open Source Datenbankserver von Oracle.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1567 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1567.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1567 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1567"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2025 - Appendix Oracle MySQL vom 2025-07-15",
"url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7691-1 vom 2025-08-13",
"url": "https://ubuntu.com/security/notices/USN-7691-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15699 vom 2025-09-11",
"url": "https://access.redhat.com/errata/RHSA-2025:15699"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-15699 vom 2025-09-13",
"url": "http://linux.oracle.com/errata/ELSA-2025-15699.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:16046 vom 2025-09-17",
"url": "https://access.redhat.com/errata/RHSA-2025:16046"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:16086 vom 2025-09-17",
"url": "https://access.redhat.com/errata/RHSA-2025:16086"
}
],
"source_lang": "en-US",
"title": "Oracle MySQL: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-09-17T22:00:00.000+00:00",
"generator": {
"date": "2025-09-18T07:01:16.608+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1567",
"initial_release_date": "2025-07-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-07-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-07-16T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2025-21495, EUVD-2025-21498, EUVD-2025-21496, EUVD-2025-21494"
},
{
"date": "2025-08-13T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-09-11T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-14T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-09-16T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-17T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=8.0.25",
"product": {
"name": "Oracle MySQL \u003c=8.0.25",
"product_id": "858557"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.0.25",
"product": {
"name": "Oracle MySQL \u003c=8.0.25",
"product_id": "858557-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.1.0",
"product": {
"name": "Oracle MySQL \u003c=9.1.0",
"product_id": "T040478"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.1.0",
"product": {
"name": "Oracle MySQL \u003c=9.1.0",
"product_id": "T040478-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.0.41",
"product": {
"name": "Oracle MySQL \u003c=8.0.41",
"product_id": "T042823"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.0.41",
"product": {
"name": "Oracle MySQL \u003c=8.0.41",
"product_id": "T042823-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.2.0",
"product": {
"name": "Oracle MySQL \u003c=9.2.0",
"product_id": "T042824"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.2.0",
"product": {
"name": "Oracle MySQL \u003c=9.2.0",
"product_id": "T042824-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.4",
"product": {
"name": "Oracle MySQL \u003c=8.4.4",
"product_id": "T042826"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.4",
"product": {
"name": "Oracle MySQL \u003c=8.4.4",
"product_id": "T042826-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.0.42",
"product": {
"name": "Oracle MySQL \u003c=8.0.42",
"product_id": "T045391"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.0.42",
"product": {
"name": "Oracle MySQL \u003c=8.0.42",
"product_id": "T045391-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.5",
"product": {
"name": "Oracle MySQL \u003c=8.4.5",
"product_id": "T045392"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.5",
"product": {
"name": "Oracle MySQL \u003c=8.4.5",
"product_id": "T045392-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.3.0",
"product": {
"name": "Oracle MySQL \u003c=9.3.0",
"product_id": "T045393"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.3.0",
"product": {
"name": "Oracle MySQL \u003c=9.3.0",
"product_id": "T045393-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=7.6.34",
"product": {
"name": "Oracle MySQL \u003c=7.6.34",
"product_id": "T045394"
}
},
{
"category": "product_version_range",
"name": "\u003c=7.6.34",
"product": {
"name": "Oracle MySQL \u003c=7.6.34",
"product_id": "T045394-fixed"
}
}
],
"category": "product_name",
"name": "MySQL"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-37891",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-37891"
},
{
"cve": "CVE-2024-9287",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2024-9287"
},
{
"cve": "CVE-2025-0725",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-0725"
},
{
"cve": "CVE-2025-32415",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-32415"
},
{
"cve": "CVE-2025-50068",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50068"
},
{
"cve": "CVE-2025-50076",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50076"
},
{
"cve": "CVE-2025-50077",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50077"
},
{
"cve": "CVE-2025-50078",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50078"
},
{
"cve": "CVE-2025-50079",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50079"
},
{
"cve": "CVE-2025-50080",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50080"
},
{
"cve": "CVE-2025-50081",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50081"
},
{
"cve": "CVE-2025-50082",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50082"
},
{
"cve": "CVE-2025-50083",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50083"
},
{
"cve": "CVE-2025-50084",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50084"
},
{
"cve": "CVE-2025-50085",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50085"
},
{
"cve": "CVE-2025-50086",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50086"
},
{
"cve": "CVE-2025-50087",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50087"
},
{
"cve": "CVE-2025-50088",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50088"
},
{
"cve": "CVE-2025-50089",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50089"
},
{
"cve": "CVE-2025-50091",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50091"
},
{
"cve": "CVE-2025-50092",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50092"
},
{
"cve": "CVE-2025-50093",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50093"
},
{
"cve": "CVE-2025-50094",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50094"
},
{
"cve": "CVE-2025-50095",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50095"
},
{
"cve": "CVE-2025-50096",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50096"
},
{
"cve": "CVE-2025-50097",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50097"
},
{
"cve": "CVE-2025-50098",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50098"
},
{
"cve": "CVE-2025-50099",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50099"
},
{
"cve": "CVE-2025-50100",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50100"
},
{
"cve": "CVE-2025-50101",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50101"
},
{
"cve": "CVE-2025-50102",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50102"
},
{
"cve": "CVE-2025-50103",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50103"
},
{
"cve": "CVE-2025-50104",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-50104"
},
{
"cve": "CVE-2025-53023",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-53023"
},
{
"cve": "CVE-2025-53032",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-53032"
},
{
"cve": "CVE-2025-5399",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914"
],
"last_affected": [
"T045392",
"T042823",
"T045391",
"858557",
"T042824",
"T045394",
"T045393",
"T040478",
"T042826"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-5399"
}
]
}
wid-sec-w-2025-0853
Vulnerability from csaf_certbund
Published
2025-04-21 22:00
Modified
2025-09-17 22:00
Summary
libxml2: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
libxml ist ein C Parser und Toolkit, welches für das Gnome Projekt entwickelt wurde.
Angriff
Ein Angreifer kann eine Schwachstelle in libxml2 ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "libxml ist ein C Parser und Toolkit, welches f\u00fcr das Gnome Projekt entwickelt wurde.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann eine Schwachstelle in libxml2 ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0853 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0853.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0853 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0853"
},
{
"category": "external",
"summary": "libxml2 Issue #890 vom 2025-04-21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
},
{
"category": "external",
"summary": "Red Hat Bugtracker #2360768 vom 2025-04-21",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "NIST CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15019-1 vom 2025-04-24",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/HN7F2PARWMCPSROOCFF3CWKQYVSIH4RA/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7467-1 vom 2025-04-28",
"url": "https://ubuntu.com/security/notices/USN-7467-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7467-2 vom 2025-04-29",
"url": "https://ubuntu.com/security/notices/USN-7467-2"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4146 vom 2025-04-30",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1440-1 vom 2025-05-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020770.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1439-1 vom 2025-05-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020771.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1435-1 vom 2025-05-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020763.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1438-1 vom 2025-05-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020772.html"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2025-10 vom 2025-05-22",
"url": "https://de.tenable.com/security/tns-2025-10"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-2860 vom 2025-05-29",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2860.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20333-1 vom 2025-05-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020973.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20364-1 vom 2025-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021010.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7235623 vom 2025-06-04",
"url": "https://www.ibm.com/support/pages/node/7235623"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20250605-0003 vom 2025-06-05",
"url": "https://security.netapp.com/advisory/NTAP-20250605-0003"
},
{
"category": "external",
"summary": "Meinberg Security Advisory MBGSA-2025.04 vom 2025-06-11",
"url": "https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2025-04-lantime-firmware-v7-08-024.htm"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5949 vom 2025-06-25",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00113.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-2860 vom 2025-06-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-2860.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13203 vom 2025-08-06",
"url": "https://access.redhat.com/errata/RHSA-2025:13203"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-13203 vom 2025-08-07",
"url": "http://linux.oracle.com/errata/ELSA-2025-13203.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13429 vom 2025-08-07",
"url": "https://access.redhat.com/errata/RHSA-2025:13429"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-13428 vom 2025-08-07",
"url": "http://linux.oracle.com/errata/ELSA-2025-13428.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13428 vom 2025-08-07",
"url": "https://access.redhat.com/errata/RHSA-2025:13428"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-13429 vom 2025-08-08",
"url": "https://linux.oracle.com/errata/ELSA-2025-13429.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13677 vom 2025-08-12",
"url": "https://access.redhat.com/errata/RHSA-2025:13677"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13688 vom 2025-08-12",
"url": "https://access.redhat.com/errata/RHSA-2025:13688"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13684 vom 2025-08-12",
"url": "https://access.redhat.com/errata/RHSA-2025:13684"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13689 vom 2025-08-12",
"url": "https://access.redhat.com/errata/RHSA-2025:13689"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13683 vom 2025-08-12",
"url": "https://access.redhat.com/errata/RHSA-2025:13683"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13788 vom 2025-08-13",
"url": "https://access.redhat.com/errata/RHSA-2025:13788"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13789 vom 2025-08-13",
"url": "https://access.redhat.com/errata/RHSA-2025:13789"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13806 vom 2025-08-13",
"url": "https://access.redhat.com/errata/RHSA-2025:13806"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13681 vom 2025-08-14",
"url": "https://access.redhat.com/errata/RHSA-2025:13681"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14059 vom 2025-08-28",
"url": "https://access.redhat.com/errata/RHSA-2025:14059"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7243787 vom 2025-09-02",
"url": "https://www.ibm.com/support/pages/node/7243787"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14819 vom 2025-09-02",
"url": "https://access.redhat.com/errata/RHSA-2025:14819"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14818 vom 2025-09-04",
"url": "https://access.redhat.com/errata/RHSA-2025:14818"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14858 vom 2025-09-04",
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14853 vom 2025-09-04",
"url": "https://access.redhat.com/errata/RHSA-2025:14853"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7244160 vom 2025-09-05",
"url": "https://www.ibm.com/support/pages/node/7244160"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-13789 vom 2025-09-08",
"url": "https://linux.oracle.com/errata/ELSA-2025-13789.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15308 vom 2025-09-11",
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15672 vom 2025-09-18",
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
}
],
"source_lang": "en-US",
"title": "libxml2: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-09-17T22:00:00.000+00:00",
"generator": {
"date": "2025-09-18T07:01:14.979+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-0853",
"initial_release_date": "2025-04-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-04-24T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-04-28T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-29T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-01T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-05-04T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-05-22T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Tenable aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Amazon und SUSE aufgenommen"
},
{
"date": "2025-06-02T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-04T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-06-05T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2025-06-10T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Meinberg aufgenommen"
},
{
"date": "2025-06-25T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-06-30T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-08-05T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-06T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-08-07T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2025-08-10T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-08-11T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-12T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-13T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-14T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-27T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-02T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von IBM und Red Hat aufgenommen"
},
{
"date": "2025-09-04T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-07T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-09-11T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-17T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "28"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "IBM AIX 7.3",
"product_id": "1139691",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.3"
}
}
},
{
"category": "product_version",
"name": "7.2",
"product": {
"name": "IBM AIX 7.2",
"product_id": "434967",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.2"
}
}
}
],
"category": "product_name",
"name": "AIX"
},
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Operator",
"product": {
"name": "IBM MQ Operator",
"product_id": "T036688",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:operator"
}
}
},
{
"category": "product_version",
"name": "Container",
"product": {
"name": "IBM MQ Container",
"product_id": "T040640",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:container"
}
}
}
],
"category": "product_name",
"name": "MQ"
},
{
"branches": [
{
"category": "product_version",
"name": "3.1",
"product": {
"name": "IBM VIOS 3.1",
"product_id": "1039165",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:3.1"
}
}
},
{
"category": "product_version",
"name": "4.1",
"product": {
"name": "IBM VIOS 4.1",
"product_id": "1522854",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:4.1"
}
}
}
],
"category": "product_name",
"name": "VIOS"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.08.024",
"product": {
"name": "Meinberg LANTIME \u003c7.08.024",
"product_id": "T044553"
}
},
{
"category": "product_version",
"name": "7.08.024",
"product": {
"name": "Meinberg LANTIME 7.08.024",
"product_id": "T044553-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:meinberg:lantime:7.08.024"
}
}
}
],
"category": "product_name",
"name": "LANTIME"
}
],
"category": "vendor",
"name": "Meinberg"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T025152",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "9",
"product": {
"name": "NetApp Data ONTAP 9",
"product_id": "T039981",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:data_ontap:9"
}
}
}
],
"category": "product_name",
"name": "Data ONTAP"
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.14.2",
"product": {
"name": "Open Source libxml2 \u003c2.14.2",
"product_id": "T042468"
}
},
{
"category": "product_version",
"name": "2.14.2",
"product": {
"name": "Open Source libxml2 2.14.2",
"product_id": "T042468-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:xmlsoft:libxml2:2.14.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.13.8",
"product": {
"name": "Open Source libxml2 \u003c2.13.8",
"product_id": "T042494"
}
},
{
"category": "product_version",
"name": "2.13.8",
"product": {
"name": "Open Source libxml2 2.13.8",
"product_id": "T042494-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:xmlsoft:libxml2:2.13.8"
}
}
}
],
"category": "product_name",
"name": "libxml2"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Core Services",
"product": {
"name": "Red Hat JBoss Core Services",
"product_id": "T012412",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "Container Platform \u003c4.17.38",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.17.38",
"product_id": "T046524"
}
},
{
"category": "product_version",
"name": "Container Platform 4.17.38",
"product": {
"name": "Red Hat OpenShift Container Platform 4.17.38",
"product_id": "T046524-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.17.38"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.19.10",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.19.10",
"product_id": "T046644"
}
},
{
"category": "product_version",
"name": "Container Platform 4.19.10",
"product": {
"name": "Red Hat OpenShift Container Platform 4.19.10",
"product_id": "T046644-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.19.10"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.12.80",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.12.80",
"product_id": "T046943"
}
},
{
"category": "product_version",
"name": "Container Platform 4.12.80",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12.80",
"product_id": "T046943-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.12.80"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.5.1",
"product": {
"name": "Tenable Security Nessus Network Monitor \u003c6.5.1",
"product_id": "T044107"
}
},
{
"category": "product_version",
"name": "6.5.1",
"product": {
"name": "Tenable Security Nessus Network Monitor 6.5.1",
"product_id": "T044107-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus_network_monitor:6.5.1"
}
}
}
],
"category": "product_name",
"name": "Nessus Network Monitor"
}
],
"category": "vendor",
"name": "Tenable Security"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32415",
"product_status": {
"known_affected": [
"T025152",
"67646",
"T012412",
"434967",
"1039165",
"1522854",
"T036688",
"T004914",
"T039981",
"T032495",
"1139691",
"T046943",
"T046644",
"T046524",
"2951",
"T002207",
"T042468",
"T044107",
"T000126",
"T027843",
"398363",
"T040640",
"T042494",
"T044553"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-32415"
}
]
}
CERTFR-2025-AVI-0601
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Server versions 8.0.0 à 8.0.42 | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.0 à 8.0.42 | ||
| Oracle | MySQL | MySQL Enterprise Backup versions 9.0.0 à 9.3.0 | ||
| Oracle | MySQL | MySQL Client versions 8.0.0 à 8.0.42 | ||
| Oracle | MySQL | MySQL Cluster versions 8.4.0 à 8.4.5 | ||
| Oracle | MySQL | MySQL Cluster versions 9.0.0 à 9.3.0 | ||
| Oracle | MySQL | MySQL Client versions 8.4.0 à 8.4.5 | ||
| Oracle | MySQL | MySQL Enterprise Backup versions 8.4.0 à 8.4.5 | ||
| Oracle | MySQL | MySQL Client versions 9.0.0 à 9.3.0 | ||
| Oracle | MySQL | MySQL Server versions 9.0.0 à 9.3.0 | ||
| Oracle | MySQL | MySQL Server versions 8.4.0 à 8.4.5 | ||
| Oracle | MySQL | MySQL Cluster versions 7.6.0 à 7.6.34 | ||
| Oracle | MySQL | MySQL Cluster versions 8.0.0 à 8.0.42 | ||
| Oracle | MySQL | MySQL Enterprise Backup versions 8.0.0 à 8.0.42 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Server versions 8.0.0 \u00e0 8.0.42",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.0 \u00e0 8.0.42",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup versions 9.0.0 \u00e0 9.3.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Client versions 8.0.0 \u00e0 8.0.42",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.4.0 \u00e0 8.4.5",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 9.0.0 \u00e0 9.3.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Client versions 8.4.0 \u00e0 8.4.5",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup versions 8.4.0 \u00e0 8.4.5",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Client versions 9.0.0 \u00e0 9.3.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 9.0.0 \u00e0 9.3.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.4.0 \u00e0 8.4.5",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.6.0 \u00e0 7.6.34",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.0.0 \u00e0 8.0.42",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup versions 8.0.0 \u00e0 8.0.42",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-50089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50089"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2025-53032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53032"
},
{
"name": "CVE-2025-50076",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50076"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2025-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50094"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2025-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50095"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2025-50068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50068"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2025-50081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50081"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2025-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50103"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2025-5399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5399"
}
],
"initial_release_date": "2025-07-18T00:00:00",
"last_revision_date": "2025-07-18T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0601",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle MySQL cpujul2025",
"url": "https://www.oracle.com/security-alerts/cpujul2025.html"
}
]
}
CERTFR-2025-AVI-0746
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Dashboards | Cognos Command Center versions 10.2.4.1 et 10.2.5 antérieures à 10.2.5 FP1 IF1 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.0.x antérieures à 6.1.0.2 GA | ||
| IBM | QRadar | QRadar SIEM versions 7.5.0 antérieures à QRadar 7.5.0 UP13 IF01 | ||
| IBM | Sterling | Sterling Connect:Direct pour Microsoft Windows versions 6.4.x antérieures à 6.4.0.3 | ||
| IBM | WebSphere | WebSphere Remote Server versions 9.1, 8.0 et 8.5 sans le dernier correctif de sécurité | ||
| IBM | Cognos Dashboards | Cognos Dashboards on Cloud Pak for Data versions 5.x antérieures à 5.2.1 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.2.0.x antérieures à 6.2.0.2 GA | ||
| IBM | QRadar | QRadar Incident Forensics versions 7.5.0 antérieures à QIF 7.5.0 UP13 IF01 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.3 GA | ||
| IBM | Sterling | Sterling Connect:Direct pour Microsoft Windows versions 6.3.x antérieures à 6.3.0.6 | ||
| IBM | Db2 | Db2 Bridge versions antérieures à 1.1.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Command Center versions 10.2.4.1 et 10.2.5 ant\u00e9rieures \u00e0 10.2.5 FP1 IF1",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 QRadar 7.5.0 UP13 IF01",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct pour Microsoft Windows versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.3",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Remote Server versions 9.1, 8.0 et 8.5 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions 5.x ant\u00e9rieures \u00e0 5.2.1",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.2 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Incident Forensics versions 7.5.0 ant\u00e9rieures \u00e0 QIF 7.5.0 UP13 IF01",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.3 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct pour Microsoft Windows versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.6",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Bridge versions ant\u00e9rieures \u00e0 1.1.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2025-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24789"
},
{
"name": "CVE-2022-50020",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50020"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-50349",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50349"
},
{
"name": "CVE-2025-46835",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46835"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2024-43420",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43420"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2025-27614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27614"
},
{
"name": "CVE-2022-49111",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49111"
},
{
"name": "CVE-2025-1470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1470"
},
{
"name": "CVE-2022-49058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49058"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2024-52006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52006"
},
{
"name": "CVE-2025-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2025-27613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27613"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2022-49136",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49136"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2022-49846",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49846"
},
{
"name": "CVE-2019-17543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17543"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1471"
},
{
"name": "CVE-2025-38079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
},
{
"name": "CVE-2025-20012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20012"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2025-37738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37738"
},
{
"name": "CVE-2024-53920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2024-52533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"name": "CVE-2024-28956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28956"
},
{
"name": "CVE-2025-2697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2697"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21928"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1494"
},
{
"name": "CVE-2025-1994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1994"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2025-24495",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24495"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2022-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49977"
},
{
"name": "CVE-2024-54661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54661"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2025-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
},
{
"name": "CVE-2025-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27533"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-58002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58002"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-38052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38052"
},
{
"name": "CVE-2025-2900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2019-5427",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5427"
},
{
"name": "CVE-2022-49788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49788"
},
{
"name": "CVE-2025-20623",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20623"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2020-5260",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5260"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2025-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21919"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-34397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24790"
},
{
"name": "CVE-2024-45332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45332"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-23150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23150"
}
],
"initial_release_date": "2025-08-29T00:00:00",
"last_revision_date": "2025-08-29T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0746",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243411",
"url": "https://www.ibm.com/support/pages/node/7243411"
},
{
"published_at": "2025-08-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242915",
"url": "https://www.ibm.com/support/pages/node/7242915"
},
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243372",
"url": "https://www.ibm.com/support/pages/node/7243372"
},
{
"published_at": "2025-08-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242159",
"url": "https://www.ibm.com/support/pages/node/7242159"
},
{
"published_at": "2025-08-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243146",
"url": "https://www.ibm.com/support/pages/node/7243146"
},
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242161",
"url": "https://www.ibm.com/support/pages/node/7242161"
},
{
"published_at": "2025-08-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243144",
"url": "https://www.ibm.com/support/pages/node/7243144"
},
{
"published_at": "2025-08-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243011",
"url": "https://www.ibm.com/support/pages/node/7243011"
},
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243373",
"url": "https://www.ibm.com/support/pages/node/7243373"
}
]
}
CERTFR-2025-AVI-0600
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Java SE | Oracle GraalVM Enterprise Edition version 21.3.14 | ||
| Oracle | Java SE | Oracle Java SE version 17.0.15 | ||
| Oracle | Java SE | Oracle GraalVM for JDK version 17.0.15 | ||
| Oracle | Java SE | Oracle Java SE version 24.0.1 | ||
| Oracle | Java SE | Oracle Java SE version 11.0.27 | ||
| Oracle | Java SE | Oracle Java SE version 8u451-b50 | ||
| Oracle | Java SE | Oracle Java SE version 21.0.7 | ||
| Oracle | Java SE | Oracle Java SE version 8u451 | ||
| Oracle | Java SE | Oracle GraalVM for JDK version 24.0.1 | ||
| Oracle | Java SE | Oracle Java SE version 8u451-perf | ||
| Oracle | Java SE | Oracle GraalVM for JDK version 21.0.7 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle GraalVM Enterprise Edition version 21.3.14",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version 17.0.15",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle GraalVM for JDK version 17.0.15",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version 24.0.1",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version 11.0.27",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version 8u451-b50",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version 21.0.7",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version 8u451",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle GraalVM for JDK version 24.0.1",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version 8u451-perf",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle GraalVM for JDK version 21.0.7",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-50063",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50063"
},
{
"name": "CVE-2025-50065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50065"
},
{
"name": "CVE-2025-23165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2025-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2024-40896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40896"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2025-30752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30752"
}
],
"initial_release_date": "2025-07-18T00:00:00",
"last_revision_date": "2025-07-18T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0600",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
"vendor_advisories": [
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle Java SE cpujul2025",
"url": "https://www.oracle.com/security-alerts/cpujul2025.html"
}
]
}
CERTFR-2025-AVI-0448
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Tenable Nessus Network Monitor. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Nessus Network Monitor | Nessus Network Monitor versions antérieures à 6.5.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus Network Monitor versions ant\u00e9rieures \u00e0 6.5.1",
"product": {
"name": "Nessus Network Monitor",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2025-24916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24916"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2025-3241",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3241"
},
{
"name": "CVE-2023-7256",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7256"
},
{
"name": "CVE-2024-8006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8006"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2025-24917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24917"
}
],
"initial_release_date": "2025-05-23T00:00:00",
"last_revision_date": "2025-05-23T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0448",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus Network Monitor. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus Network Monitor",
"vendor_advisories": [
{
"published_at": "2025-05-23",
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-10",
"url": "https://www.tenable.com/security/tns-2025-10"
}
]
}
CERTFR-2025-AVI-0756
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | Tanzu Platform for Cloud Foundry isolation segment 10.2.2+LTS-T | ||
| VMware | Tanzu | Tanzu for MySQL on Cloud Foundry versions antérieures à 10.0.2 | ||
| VMware | Tanzu | Java Buildpack versions antérieures à 4.84.0 | ||
| VMware | Tanzu | Stemcells pour Ubuntu Jammy Azure Light versions antérieures à 1.894 | ||
| VMware | Tanzu Platform | Tanzu Platform for Cloud Foundry isolation segment versions antérieures à 10.0.9 | ||
| VMware | Tanzu | Tanzu Scheduler versions antérieures à 2.0.20 | ||
| VMware | Tanzu | Spring Cloud Services for VMware Tanzu versions antérieures à 3.3.9 | ||
| VMware | Tanzu | Tanzu GemFire versions antérieures à 10.1.4 | ||
| VMware | Tanzu Operations Manager | Tanzu Operations Manager versions antérieures à 3.1.2 | ||
| VMware | Tanzu Platform | Tanzu Platform for Cloud Foundry isolation segment versions antérieures à 6.0.19+LTS-T | ||
| VMware | Tanzu | Single Sign-On for VMware Tanzu Application Service versions antérieures à 1.16.12 | ||
| VMware | Tanzu | Tanzu Hub versions antérieures à 10.2.1 | ||
| VMware | Tanzu | Stemcells pour Ubuntu Jammy versions antérieures à 1.894 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Platform for Cloud Foundry isolation segment 10.2.2+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for MySQL on Cloud Foundry versions ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Java Buildpack versions ant\u00e9rieures \u00e0 4.84.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells pour Ubuntu Jammy Azure Light versions ant\u00e9rieures \u00e0 1.894",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform for Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 10.0.9",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Scheduler versions ant\u00e9rieures \u00e0 2.0.20",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Services for VMware Tanzu versions ant\u00e9rieures \u00e0 3.3.9",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire versions ant\u00e9rieures \u00e0 10.1.4",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Operations Manager versions ant\u00e9rieures \u00e0 3.1.2",
"product": {
"name": "Tanzu Operations Manager",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform for Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 6.0.19+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On for VMware Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.12",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Hub versions ant\u00e9rieures \u00e0 10.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells pour Ubuntu Jammy versions ant\u00e9rieures \u00e0 1.894",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2021-45105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2013-1548",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1548"
},
{
"name": "CVE-2015-4779",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4779"
},
{
"name": "CVE-2015-4780",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4780"
},
{
"name": "CVE-2015-4787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4787"
},
{
"name": "CVE-2015-4790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4790"
},
{
"name": "CVE-2015-4778",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4778"
},
{
"name": "CVE-2015-4782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4782"
},
{
"name": "CVE-2015-4789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4789"
},
{
"name": "CVE-2015-4764",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4764"
},
{
"name": "CVE-2015-4783",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4783"
},
{
"name": "CVE-2015-2583",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2583"
},
{
"name": "CVE-2015-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4781"
},
{
"name": "CVE-2015-4776",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4776"
},
{
"name": "CVE-2015-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4786"
},
{
"name": "CVE-2015-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2656"
},
{
"name": "CVE-2015-4788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4788"
},
{
"name": "CVE-2015-4785",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4785"
},
{
"name": "CVE-2015-4754",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4754"
},
{
"name": "CVE-2015-4775",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4775"
},
{
"name": "CVE-2015-4777",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4777"
},
{
"name": "CVE-2015-2640",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2640"
},
{
"name": "CVE-2015-4774",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4774"
},
{
"name": "CVE-2015-2626",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2626"
},
{
"name": "CVE-2015-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2624"
},
{
"name": "CVE-2015-4784",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4784"
},
{
"name": "CVE-2015-2654",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2654"
},
{
"name": "CVE-2017-8046",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8046"
},
{
"name": "CVE-2018-3280",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3280"
},
{
"name": "CVE-2018-3137",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3137"
},
{
"name": "CVE-2018-3285",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3285"
},
{
"name": "CVE-2018-3182",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3182"
},
{
"name": "CVE-2018-3186",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3186"
},
{
"name": "CVE-2018-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3195"
},
{
"name": "CVE-2018-3286",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3286"
},
{
"name": "CVE-2018-3170",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3170"
},
{
"name": "CVE-2018-3279",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3279"
},
{
"name": "CVE-2018-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3212"
},
{
"name": "CVE-2018-3203",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3203"
},
{
"name": "CVE-2018-3145",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3145"
},
{
"name": "CVE-2019-2530",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2530"
},
{
"name": "CVE-2019-2436",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2436"
},
{
"name": "CVE-2019-2539",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2539"
},
{
"name": "CVE-2019-2494",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2494"
},
{
"name": "CVE-2019-2535",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2535"
},
{
"name": "CVE-2019-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2533"
},
{
"name": "CVE-2019-2495",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2495"
},
{
"name": "CVE-2019-2513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2513"
},
{
"name": "CVE-2019-2536",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2536"
},
{
"name": "CVE-2019-2502",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2502"
},
{
"name": "CVE-2019-2634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2634"
},
{
"name": "CVE-2019-2587",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2587"
},
{
"name": "CVE-2019-2584",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2584"
},
{
"name": "CVE-2019-2691",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2691"
},
{
"name": "CVE-2019-2606",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2606"
},
{
"name": "CVE-2019-2630",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2630"
},
{
"name": "CVE-2019-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2624"
},
{
"name": "CVE-2019-2623",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2623"
},
{
"name": "CVE-2019-2695",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2695"
},
{
"name": "CVE-2019-2596",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2596"
},
{
"name": "CVE-2019-2580",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2580"
},
{
"name": "CVE-2019-2644",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2644"
},
{
"name": "CVE-2019-2681",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2681"
},
{
"name": "CVE-2019-2617",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2617"
},
{
"name": "CVE-2019-2636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2636"
},
{
"name": "CVE-2019-2689",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2689"
},
{
"name": "CVE-2019-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2693"
},
{
"name": "CVE-2019-2593",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2593"
},
{
"name": "CVE-2019-2625",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2625"
},
{
"name": "CVE-2019-2585",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2585"
},
{
"name": "CVE-2019-2631",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2631"
},
{
"name": "CVE-2019-2694",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2694"
},
{
"name": "CVE-2019-2620",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2620"
},
{
"name": "CVE-2019-2688",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2688"
},
{
"name": "CVE-2019-2589",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2589"
},
{
"name": "CVE-2019-2635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2635"
},
{
"name": "CVE-2019-2626",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2626"
},
{
"name": "CVE-2019-2686",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2686"
},
{
"name": "CVE-2019-2685",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2685"
},
{
"name": "CVE-2019-2687",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2687"
},
{
"name": "CVE-2019-2607",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2607"
},
{
"name": "CVE-2019-7317",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
},
{
"name": "CVE-2019-2811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2811"
},
{
"name": "CVE-2019-2740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2740"
},
{
"name": "CVE-2019-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2879"
},
{
"name": "CVE-2019-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2808"
},
{
"name": "CVE-2019-2738",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2738"
},
{
"name": "CVE-2019-2819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2819"
},
{
"name": "CVE-2019-2737",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2737"
},
{
"name": "CVE-2019-2814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2814"
},
{
"name": "CVE-2019-2778",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2778"
},
{
"name": "CVE-2019-2822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2822"
},
{
"name": "CVE-2019-2802",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2802"
},
{
"name": "CVE-2019-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2803"
},
{
"name": "CVE-2019-2752",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2752"
},
{
"name": "CVE-2019-2826",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2826"
},
{
"name": "CVE-2019-2784",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2784"
},
{
"name": "CVE-2019-2789",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2789"
},
{
"name": "CVE-2019-2801",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2801"
},
{
"name": "CVE-2019-2791",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2791"
},
{
"name": "CVE-2019-2798",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2798"
},
{
"name": "CVE-2019-2796",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2796"
},
{
"name": "CVE-2019-2815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2815"
},
{
"name": "CVE-2019-2810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2810"
},
{
"name": "CVE-2019-2780",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2780"
},
{
"name": "CVE-2019-2758",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2758"
},
{
"name": "CVE-2019-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2757"
},
{
"name": "CVE-2019-2785",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2785"
},
{
"name": "CVE-2019-2747",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2747"
},
{
"name": "CVE-2019-2741",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2741"
},
{
"name": "CVE-2019-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2830"
},
{
"name": "CVE-2019-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2834"
},
{
"name": "CVE-2019-2743",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2743"
},
{
"name": "CVE-2019-2739",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2739"
},
{
"name": "CVE-2019-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2805"
},
{
"name": "CVE-2019-2797",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2797"
},
{
"name": "CVE-2019-2774",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2774"
},
{
"name": "CVE-2019-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2795"
},
{
"name": "CVE-2019-2746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2746"
},
{
"name": "CVE-2019-2812",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2812"
},
{
"name": "CVE-2019-2924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2924"
},
{
"name": "CVE-2019-2914",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2914"
},
{
"name": "CVE-2019-2960",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2960"
},
{
"name": "CVE-2019-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2923"
},
{
"name": "CVE-2019-2968",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2968"
},
{
"name": "CVE-2019-2993",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2993"
},
{
"name": "CVE-2019-3009",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3009"
},
{
"name": "CVE-2019-2969",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2969"
},
{
"name": "CVE-2019-3011",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3011"
},
{
"name": "CVE-2019-2967",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2967"
},
{
"name": "CVE-2019-2946",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2946"
},
{
"name": "CVE-2019-2966",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2966"
},
{
"name": "CVE-2019-2957",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2957"
},
{
"name": "CVE-2019-2948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2948"
},
{
"name": "CVE-2019-2922",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2922"
},
{
"name": "CVE-2019-3004",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3004"
},
{
"name": "CVE-2019-2998",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2998"
},
{
"name": "CVE-2019-2911",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2911"
},
{
"name": "CVE-2019-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2950"
},
{
"name": "CVE-2019-2910",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2910"
},
{
"name": "CVE-2019-3018",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3018"
},
{
"name": "CVE-2019-2974",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2974"
},
{
"name": "CVE-2019-2991",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2991"
},
{
"name": "CVE-2019-2997",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2997"
},
{
"name": "CVE-2019-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2938"
},
{
"name": "CVE-2019-3003",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3003"
},
{
"name": "CVE-2019-2982",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2982"
},
{
"name": "CVE-2019-2963",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2963"
},
{
"name": "CVE-2020-2579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2579"
},
{
"name": "CVE-2020-2584",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2584"
},
{
"name": "CVE-2020-2577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2577"
},
{
"name": "CVE-2020-2679",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2679"
},
{
"name": "CVE-2020-2570",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2570"
},
{
"name": "CVE-2020-2572",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2572"
},
{
"name": "CVE-2020-2627",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2627"
},
{
"name": "CVE-2020-2660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2660"
},
{
"name": "CVE-2020-2589",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2589"
},
{
"name": "CVE-2020-2573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2573"
},
{
"name": "CVE-2020-2686",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2686"
},
{
"name": "CVE-2020-2694",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2694"
},
{
"name": "CVE-2020-2574",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2574"
},
{
"name": "CVE-2020-2770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2770"
},
{
"name": "CVE-2020-2925",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2925"
},
{
"name": "CVE-2020-2853",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2853"
},
{
"name": "CVE-2020-2774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2774"
},
{
"name": "CVE-2020-2928",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2928"
},
{
"name": "CVE-2020-2897",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2897"
},
{
"name": "CVE-2020-2812",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2812"
},
{
"name": "CVE-2020-2765",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2765"
},
{
"name": "CVE-2020-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2761"
},
{
"name": "CVE-2020-2790",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2790"
},
{
"name": "CVE-2020-2752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2752"
},
{
"name": "CVE-2020-2904",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2904"
},
{
"name": "CVE-2020-2893",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2893"
},
{
"name": "CVE-2020-2760",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2760"
},
{
"name": "CVE-2020-2780",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2780"
},
{
"name": "CVE-2020-2903",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2903"
},
{
"name": "CVE-2020-2924",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2924"
},
{
"name": "CVE-2020-2806",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2806"
},
{
"name": "CVE-2020-2922",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2922"
},
{
"name": "CVE-2020-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2901"
},
{
"name": "CVE-2020-2926",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2926"
},
{
"name": "CVE-2020-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2923"
},
{
"name": "CVE-2020-2921",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2921"
},
{
"name": "CVE-2020-2779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2779"
},
{
"name": "CVE-2020-2892",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2892"
},
{
"name": "CVE-2020-2896",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2896"
},
{
"name": "CVE-2020-2804",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2804"
},
{
"name": "CVE-2020-2895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2895"
},
{
"name": "CVE-2020-2930",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2930"
},
{
"name": "CVE-2020-2814",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2814"
},
{
"name": "CVE-2020-2759",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2759"
},
{
"name": "CVE-2020-2763",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2763"
},
{
"name": "CVE-2020-14550",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14550"
},
{
"name": "CVE-2020-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14567"
},
{
"name": "CVE-2020-14559",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14559"
},
{
"name": "CVE-2020-14576",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14576"
},
{
"name": "CVE-2020-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14540"
},
{
"name": "CVE-2020-14547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14547"
},
{
"name": "CVE-2020-14553",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14553"
},
{
"name": "CVE-2020-14539",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14539"
},
{
"name": "CVE-2020-14845",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14845"
},
{
"name": "CVE-2020-14799",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14799"
},
{
"name": "CVE-2020-14793",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14793"
},
{
"name": "CVE-2020-14888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14888"
},
{
"name": "CVE-2020-14790",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14790"
},
{
"name": "CVE-2020-14789",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14789"
},
{
"name": "CVE-2020-14672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14672"
},
{
"name": "CVE-2020-14846",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14846"
},
{
"name": "CVE-2020-14771",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14771"
},
{
"name": "CVE-2020-14873",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14873"
},
{
"name": "CVE-2020-14791",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14791"
},
{
"name": "CVE-2020-14769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14769"
},
{
"name": "CVE-2020-14844",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14844"
},
{
"name": "CVE-2020-14809",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14809"
},
{
"name": "CVE-2020-14860",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14860"
},
{
"name": "CVE-2020-14866",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14866"
},
{
"name": "CVE-2020-14861",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14861"
},
{
"name": "CVE-2020-14773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14773"
},
{
"name": "CVE-2020-14776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14776"
},
{
"name": "CVE-2020-14852",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14852"
},
{
"name": "CVE-2020-14760",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14760"
},
{
"name": "CVE-2020-14870",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14870"
},
{
"name": "CVE-2020-14837",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14837"
},
{
"name": "CVE-2020-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14893"
},
{
"name": "CVE-2020-14836",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14836"
},
{
"name": "CVE-2020-14829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14829"
},
{
"name": "CVE-2020-14868",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14868"
},
{
"name": "CVE-2020-14827",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14827"
},
{
"name": "CVE-2020-14839",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14839"
},
{
"name": "CVE-2020-14777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14777"
},
{
"name": "CVE-2020-14812",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14812"
},
{
"name": "CVE-2020-14775",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14775"
},
{
"name": "CVE-2020-14838",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14838"
},
{
"name": "CVE-2020-14869",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14869"
},
{
"name": "CVE-2020-14765",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14765"
},
{
"name": "CVE-2020-14814",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14814"
},
{
"name": "CVE-2020-14821",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14821"
},
{
"name": "CVE-2020-14830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14830"
},
{
"name": "CVE-2020-14828",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14828"
},
{
"name": "CVE-2020-14804",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14804"
},
{
"name": "CVE-2020-14800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14800"
},
{
"name": "CVE-2020-14891",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14891"
},
{
"name": "CVE-2020-14848",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14848"
},
{
"name": "CVE-2020-14867",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14867"
},
{
"name": "CVE-2020-14785",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14785"
},
{
"name": "CVE-2020-14794",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14794"
},
{
"name": "CVE-2020-14786",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14786"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-2010",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2010"
},
{
"name": "CVE-2021-2001",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2001"
},
{
"name": "CVE-2021-2060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2060"
},
{
"name": "CVE-2021-2014",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2014"
},
{
"name": "CVE-2021-2032",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2032"
},
{
"name": "CVE-2021-2036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2036"
},
{
"name": "CVE-2021-2007",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2007"
},
{
"name": "CVE-2021-2011",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2011"
},
{
"name": "CVE-2021-2022",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2022"
},
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2021-2308",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2308"
},
{
"name": "CVE-2021-2213",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2213"
},
{
"name": "CVE-2021-2172",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2172"
},
{
"name": "CVE-2021-2293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2293"
},
{
"name": "CVE-2021-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2208"
},
{
"name": "CVE-2021-2196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2196"
},
{
"name": "CVE-2021-2194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2194"
},
{
"name": "CVE-2021-2298",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2298"
},
{
"name": "CVE-2021-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2162"
},
{
"name": "CVE-2021-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2179"
},
{
"name": "CVE-2021-2307",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2307"
},
{
"name": "CVE-2021-2217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2217"
},
{
"name": "CVE-2021-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2180"
},
{
"name": "CVE-2021-2203",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2203"
},
{
"name": "CVE-2021-2144",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2144"
},
{
"name": "CVE-2021-2226",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2226"
},
{
"name": "CVE-2021-2232",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2232"
},
{
"name": "CVE-2021-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2169"
},
{
"name": "CVE-2021-2301",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2301"
},
{
"name": "CVE-2021-2202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2202"
},
{
"name": "CVE-2021-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2166"
},
{
"name": "CVE-2021-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2174"
},
{
"name": "CVE-2021-2154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2154"
},
{
"name": "CVE-2021-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2193"
},
{
"name": "CVE-2021-2300",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2300"
},
{
"name": "CVE-2021-2299",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2299"
},
{
"name": "CVE-2021-2212",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2212"
},
{
"name": "CVE-2021-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2178"
},
{
"name": "CVE-2021-2146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2146"
},
{
"name": "CVE-2021-2230",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2230"
},
{
"name": "CVE-2021-2278",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2278"
},
{
"name": "CVE-2021-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2164"
},
{
"name": "CVE-2021-2201",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2201"
},
{
"name": "CVE-2021-2170",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2170"
},
{
"name": "CVE-2021-2304",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2304"
},
{
"name": "CVE-2021-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2160"
},
{
"name": "CVE-2021-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2171"
},
{
"name": "CVE-2021-2305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2305"
},
{
"name": "CVE-2021-2215",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2215"
},
{
"name": "CVE-2021-25214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25214"
},
{
"name": "CVE-2012-6153",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6153"
},
{
"name": "CVE-2020-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
},
{
"name": "CVE-2021-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2370"
},
{
"name": "CVE-2021-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
},
{
"name": "CVE-2021-2444",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2444"
},
{
"name": "CVE-2021-2429",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2429"
},
{
"name": "CVE-2021-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2426"
},
{
"name": "CVE-2021-2427",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2427"
},
{
"name": "CVE-2021-2339",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2339"
},
{
"name": "CVE-2021-2425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2425"
},
{
"name": "CVE-2021-2387",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2387"
},
{
"name": "CVE-2021-2383",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2383"
},
{
"name": "CVE-2021-2372",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
},
{
"name": "CVE-2021-2399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2399"
},
{
"name": "CVE-2021-2384",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2384"
},
{
"name": "CVE-2021-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2412"
},
{
"name": "CVE-2021-2441",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2441"
},
{
"name": "CVE-2021-2410",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2410"
},
{
"name": "CVE-2021-2342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
},
{
"name": "CVE-2021-2437",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2437"
},
{
"name": "CVE-2021-2417",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2417"
},
{
"name": "CVE-2021-2424",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2424"
},
{
"name": "CVE-2021-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
},
{
"name": "CVE-2021-2357",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2357"
},
{
"name": "CVE-2021-2352",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2352"
},
{
"name": "CVE-2021-2402",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2402"
},
{
"name": "CVE-2021-2440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2440"
},
{
"name": "CVE-2021-2340",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2340"
},
{
"name": "CVE-2021-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
},
{
"name": "CVE-2021-2374",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2374"
},
{
"name": "CVE-2021-2356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2356"
},
{
"name": "CVE-2021-2411",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2411"
},
{
"name": "CVE-2021-2418",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2418"
},
{
"name": "CVE-2021-2367",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2367"
},
{
"name": "CVE-2021-2354",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2354"
},
{
"name": "CVE-2021-2422",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2422"
},
{
"name": "CVE-2020-10543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10543"
},
{
"name": "CVE-2020-12723",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12723"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2020-28500",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2021-3421",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3421"
},
{
"name": "CVE-2021-3326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
},
{
"name": "CVE-2019-2708",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2708"
},
{
"name": "CVE-2020-27618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
},
{
"name": "CVE-2021-35640",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35640"
},
{
"name": "CVE-2021-35626",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35626"
},
{
"name": "CVE-2021-2478",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2478"
},
{
"name": "CVE-2021-35624",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35624"
},
{
"name": "CVE-2021-35583",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35583"
},
{
"name": "CVE-2021-35628",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35628"
},
{
"name": "CVE-2021-35630",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35630"
},
{
"name": "CVE-2021-35644",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35644"
},
{
"name": "CVE-2021-2479",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2479"
},
{
"name": "CVE-2021-35638",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35638"
},
{
"name": "CVE-2021-35646",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35646"
},
{
"name": "CVE-2021-35596",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35596"
},
{
"name": "CVE-2021-35643",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35643"
},
{
"name": "CVE-2021-35637",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35637"
},
{
"name": "CVE-2021-35623",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35623"
},
{
"name": "CVE-2021-35632",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35632"
},
{
"name": "CVE-2021-35641",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35641"
},
{
"name": "CVE-2021-35604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35604"
},
{
"name": "CVE-2021-35636",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35636"
},
{
"name": "CVE-2021-35546",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35546"
},
{
"name": "CVE-2021-35627",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35627"
},
{
"name": "CVE-2021-35625",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35625"
},
{
"name": "CVE-2021-35608",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35608"
},
{
"name": "CVE-2021-35597",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35597"
},
{
"name": "CVE-2021-35537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35537"
},
{
"name": "CVE-2021-2481",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2481"
},
{
"name": "CVE-2021-35622",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35622"
},
{
"name": "CVE-2021-35610",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35610"
},
{
"name": "CVE-2021-35633",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35633"
},
{
"name": "CVE-2021-35634",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35634"
},
{
"name": "CVE-2021-35629",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35629"
},
{
"name": "CVE-2021-35631",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35631"
},
{
"name": "CVE-2021-35645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35645"
},
{
"name": "CVE-2021-35647",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35647"
},
{
"name": "CVE-2021-35612",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35612"
},
{
"name": "CVE-2021-35639",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35639"
},
{
"name": "CVE-2021-35648",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35648"
},
{
"name": "CVE-2021-35607",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35607"
},
{
"name": "CVE-2021-35602",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35602"
},
{
"name": "CVE-2021-35577",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35577"
},
{
"name": "CVE-2021-35642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35642"
},
{
"name": "CVE-2021-35575",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35575"
},
{
"name": "CVE-2021-35635",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35635"
},
{
"name": "CVE-2021-35591",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35591"
},
{
"name": "CVE-2021-25219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25219"
},
{
"name": "CVE-2021-3875",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3875"
},
{
"name": "CVE-2019-10744",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10744"
},
{
"name": "CVE-2022-21352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21352"
},
{
"name": "CVE-2022-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
},
{
"name": "CVE-2022-21254",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21254"
},
{
"name": "CVE-2022-21265",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21265"
},
{
"name": "CVE-2022-21348",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21348"
},
{
"name": "CVE-2022-21372",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21372"
},
{
"name": "CVE-2022-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
},
{
"name": "CVE-2022-21368",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21368"
},
{
"name": "CVE-2022-21339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21339"
},
{
"name": "CVE-2022-21264",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21264"
},
{
"name": "CVE-2022-21297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21297"
},
{
"name": "CVE-2022-21379",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21379"
},
{
"name": "CVE-2022-21253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21253"
},
{
"name": "CVE-2022-21301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21301"
},
{
"name": "CVE-2022-21378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21378"
},
{
"name": "CVE-2022-21370",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21370"
},
{
"name": "CVE-2022-21302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21302"
},
{
"name": "CVE-2022-21249",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21249"
},
{
"name": "CVE-2022-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
},
{
"name": "CVE-2022-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
},
{
"name": "CVE-2022-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
},
{
"name": "CVE-2022-21342",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21342"
},
{
"name": "CVE-2022-21362",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21362"
},
{
"name": "CVE-2022-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
},
{
"name": "CVE-2022-21256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21256"
},
{
"name": "CVE-2022-21358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21358"
},
{
"name": "CVE-2022-21374",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21374"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2022-2309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
},
{
"name": "CVE-2022-29824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2022-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
},
{
"name": "CVE-2022-34903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34903"
},
{
"name": "CVE-2022-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2021-4193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
},
{
"name": "CVE-2020-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
},
{
"name": "CVE-2022-22965",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
},
{
"name": "CVE-2022-0213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
},
{
"name": "CVE-2022-21418",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21418"
},
{
"name": "CVE-2022-21412",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21412"
},
{
"name": "CVE-2022-21437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21437"
},
{
"name": "CVE-2022-21478",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21478"
},
{
"name": "CVE-2022-21479",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21479"
},
{
"name": "CVE-2022-21438",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21438"
},
{
"name": "CVE-2022-21440",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21440"
},
{
"name": "CVE-2022-21451",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21451"
},
{
"name": "CVE-2022-21427",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21427"
},
{
"name": "CVE-2022-21415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21415"
},
{
"name": "CVE-2022-21459",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21459"
},
{
"name": "CVE-2022-21460",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21460"
},
{
"name": "CVE-2022-21414",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21414"
},
{
"name": "CVE-2022-21413",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21413"
},
{
"name": "CVE-2022-21436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21436"
},
{
"name": "CVE-2022-21435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21435"
},
{
"name": "CVE-2022-21462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21462"
},
{
"name": "CVE-2022-21444",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21444"
},
{
"name": "CVE-2022-21417",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21417"
},
{
"name": "CVE-2022-21457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21457"
},
{
"name": "CVE-2022-21425",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21425"
},
{
"name": "CVE-2022-21452",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21452"
},
{
"name": "CVE-2021-20266",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20266"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2021-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3521"
},
{
"name": "CVE-2021-4122",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4122"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2017-11164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
},
{
"name": "CVE-2022-21525",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21525"
},
{
"name": "CVE-2022-21537",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21537"
},
{
"name": "CVE-2022-21455",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21455"
},
{
"name": "CVE-2022-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21534"
},
{
"name": "CVE-2022-21528",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21528"
},
{
"name": "CVE-2022-21529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21529"
},
{
"name": "CVE-2022-21531",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21531"
},
{
"name": "CVE-2022-21515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21515"
},
{
"name": "CVE-2022-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21538"
},
{
"name": "CVE-2022-21527",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21527"
},
{
"name": "CVE-2022-21517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21517"
},
{
"name": "CVE-2022-21539",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21539"
},
{
"name": "CVE-2022-21556",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21556"
},
{
"name": "CVE-2022-21509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21509"
},
{
"name": "CVE-2022-21553",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21553"
},
{
"name": "CVE-2022-21530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21530"
},
{
"name": "CVE-2022-21522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21522"
},
{
"name": "CVE-2022-21547",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21547"
},
{
"name": "CVE-2022-21569",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21569"
},
{
"name": "CVE-2022-21526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21526"
},
{
"name": "CVE-2021-3999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2021-25220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
},
{
"name": "CVE-2022-0396",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0396"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2012-5783",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5783"
},
{
"name": "CVE-2022-21592",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21592"
},
{
"name": "CVE-2022-21617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21617"
},
{
"name": "CVE-2022-21595",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21595"
},
{
"name": "CVE-2022-21608",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21608"
},
{
"name": "CVE-2022-21589",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21589"
},
{
"name": "CVE-2023-21863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21863"
},
{
"name": "CVE-2023-21873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21873"
},
{
"name": "CVE-2023-21879",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21879"
},
{
"name": "CVE-2023-21880",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21880"
},
{
"name": "CVE-2023-21869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21869"
},
{
"name": "CVE-2023-21872",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21872"
},
{
"name": "CVE-2023-21877",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21877"
},
{
"name": "CVE-2023-21870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21870"
},
{
"name": "CVE-2023-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21887"
},
{
"name": "CVE-2023-21836",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21836"
},
{
"name": "CVE-2023-21881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21881"
},
{
"name": "CVE-2023-21876",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21876"
},
{
"name": "CVE-2023-21840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
},
{
"name": "CVE-2023-21878",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21878"
},
{
"name": "CVE-2023-21866",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21866"
},
{
"name": "CVE-2023-21875",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21875"
},
{
"name": "CVE-2023-21865",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21865"
},
{
"name": "CVE-2023-21883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21883"
},
{
"name": "CVE-2023-21867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21867"
},
{
"name": "CVE-2023-21874",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21874"
},
{
"name": "CVE-2023-21871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21871"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2022-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4415"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2023-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
},
{
"name": "CVE-2023-21977",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21977"
},
{
"name": "CVE-2023-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
},
{
"name": "CVE-2023-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2023-20873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20873"
},
{
"name": "CVE-2023-20883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2020-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1752"
},
{
"name": "CVE-2021-35942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
},
{
"name": "CVE-2021-38604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38604"
},
{
"name": "CVE-2020-29562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29562"
},
{
"name": "CVE-2021-27645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27645"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2022-46908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46908"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2023-22053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22053"
},
{
"name": "CVE-2023-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22007"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2023-40403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
},
{
"name": "CVE-2023-4911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2023-22097",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22097"
},
{
"name": "CVE-2023-22084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22084"
},
{
"name": "CVE-2023-22026",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22026"
},
{
"name": "CVE-2023-22028",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22028"
},
{
"name": "CVE-2023-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22015"
},
{
"name": "CVE-2023-22103",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22103"
},
{
"name": "CVE-2023-22068",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22068"
},
{
"name": "CVE-2023-22078",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22078"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-22059",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22059"
},
{
"name": "CVE-2023-22066",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22066"
},
{
"name": "CVE-2023-22114",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22114"
},
{
"name": "CVE-2023-22070",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22070"
},
{
"name": "CVE-2023-22032",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22032"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2021-22570",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22570"
},
{
"name": "CVE-2023-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
},
{
"name": "CVE-2023-2602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2602"
},
{
"name": "CVE-2023-4527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4527"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2022-48303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
},
{
"name": "CVE-2023-34055",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
},
{
"name": "CVE-2023-4039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4039"
},
{
"name": "CVE-2022-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3715"
},
{
"name": "CVE-2023-0687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0687"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2022-48522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48522"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2021-33294",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33294"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2023-45322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45322"
},
{
"name": "CVE-2022-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28321"
},
{
"name": "CVE-2023-4016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4016"
},
{
"name": "CVE-2013-4235",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4235"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2021-20193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20193"
},
{
"name": "CVE-2023-29383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2023-36054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-46219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-47100",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47100"
},
{
"name": "CVE-2023-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2022-27772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27772"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2023-6481",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2020-22916",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
},
{
"name": "CVE-2016-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-26686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26686"
},
{
"name": "CVE-2023-52572",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52572"
},
{
"name": "CVE-2007-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
},
{
"name": "CVE-2023-3138",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3138"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2023-31486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31486"
},
{
"name": "CVE-2024-26739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26739"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2023-51074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
},
{
"name": "CVE-2023-52757",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52757"
},
{
"name": "CVE-2024-35866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35866"
},
{
"name": "CVE-2024-35867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35867"
},
{
"name": "CVE-2024-35943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35943"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-35790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35790"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2024-4030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2024-36945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36945"
},
{
"name": "CVE-2024-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
},
{
"name": "CVE-2024-38541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38541"
},
{
"name": "CVE-2023-4641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4641"
},
{
"name": "CVE-2024-0567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0567"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2024-21137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21137"
},
{
"name": "CVE-2024-0760",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0760"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2024-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2024-36908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36908"
},
{
"name": "CVE-2024-27402",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27402"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2024-38808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38808"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2024-42230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
},
{
"name": "CVE-2024-38807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38807"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2022-48893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48893"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2023-5841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5841"
},
{
"name": "CVE-2024-34459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2023-6246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6246"
},
{
"name": "CVE-2024-46812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46812"
},
{
"name": "CVE-2024-46821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46821"
},
{
"name": "CVE-2024-46751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46751"
},
{
"name": "CVE-2024-46753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46753"
},
{
"name": "CVE-2024-46774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46774"
},
{
"name": "CVE-2024-46787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46787"
},
{
"name": "CVE-2022-21454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21454"
},
{
"name": "CVE-2024-21193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21193"
},
{
"name": "CVE-2024-21194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21194"
},
{
"name": "CVE-2024-21196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21196"
},
{
"name": "CVE-2024-21197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21197"
},
{
"name": "CVE-2024-21198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21198"
},
{
"name": "CVE-2024-21199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21199"
},
{
"name": "CVE-2024-21201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21201"
},
{
"name": "CVE-2024-21207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21207"
},
{
"name": "CVE-2024-21209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21209"
},
{
"name": "CVE-2024-21212",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21212"
},
{
"name": "CVE-2024-21213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21213"
},
{
"name": "CVE-2024-21219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21219"
},
{
"name": "CVE-2024-21236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21236"
},
{
"name": "CVE-2024-21239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21239"
},
{
"name": "CVE-2024-21241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21241"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-10487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10487"
},
{
"name": "CVE-2024-10458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10458"
},
{
"name": "CVE-2024-10459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10459"
},
{
"name": "CVE-2024-10460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10460"
},
{
"name": "CVE-2024-10461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10461"
},
{
"name": "CVE-2024-10462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10462"
},
{
"name": "CVE-2024-10463",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10463"
},
{
"name": "CVE-2024-10464",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10464"
},
{
"name": "CVE-2024-10465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10465"
},
{
"name": "CVE-2024-10466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10466"
},
{
"name": "CVE-2024-10467",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10467"
},
{
"name": "CVE-2024-10468",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10468"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2024-38286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38286"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2024-46816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46816"
},
{
"name": "CVE-2024-11395",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11395"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2024-11691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11691"
},
{
"name": "CVE-2024-11692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11692"
},
{
"name": "CVE-2024-11693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11693"
},
{
"name": "CVE-2024-11694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11694"
},
{
"name": "CVE-2024-11695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11695"
},
{
"name": "CVE-2024-11696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11696"
},
{
"name": "CVE-2024-11697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11697"
},
{
"name": "CVE-2024-11698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11698"
},
{
"name": "CVE-2024-11699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11699"
},
{
"name": "CVE-2024-11700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11700"
},
{
"name": "CVE-2024-11701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11701"
},
{
"name": "CVE-2024-11702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11702"
},
{
"name": "CVE-2024-11703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11703"
},
{
"name": "CVE-2024-11704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11704"
},
{
"name": "CVE-2024-11705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11705"
},
{
"name": "CVE-2024-11706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11706"
},
{
"name": "CVE-2024-11708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11708"
},
{
"name": "CVE-2024-50272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2024-49989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49989"
},
{
"name": "CVE-2024-50125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
},
{
"name": "CVE-2024-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
},
{
"name": "CVE-2025-0237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0237"
},
{
"name": "CVE-2025-0238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0238"
},
{
"name": "CVE-2025-0239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0239"
},
{
"name": "CVE-2025-0240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0240"
},
{
"name": "CVE-2025-0241",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0241"
},
{
"name": "CVE-2025-0242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0242"
},
{
"name": "CVE-2025-0243",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0243"
},
{
"name": "CVE-2025-0245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0245"
},
{
"name": "CVE-2025-0247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0247"
},
{
"name": "CVE-2025-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0434"
},
{
"name": "CVE-2025-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0435"
},
{
"name": "CVE-2025-0436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0436"
},
{
"name": "CVE-2025-0437",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0437"
},
{
"name": "CVE-2025-0438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0438"
},
{
"name": "CVE-2025-0439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0439"
},
{
"name": "CVE-2025-0440",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0440"
},
{
"name": "CVE-2025-0441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0441"
},
{
"name": "CVE-2025-0442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0442"
},
{
"name": "CVE-2025-0443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0443"
},
{
"name": "CVE-2025-0446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0446"
},
{
"name": "CVE-2025-0447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0447"
},
{
"name": "CVE-2025-0448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0448"
},
{
"name": "CVE-2025-21523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21523"
},
{
"name": "CVE-2025-0612",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0612"
},
{
"name": "CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"name": "CVE-2025-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-0444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0444"
},
{
"name": "CVE-2025-0445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0445"
},
{
"name": "CVE-2025-0451",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0451"
},
{
"name": "CVE-2025-0762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0762"
},
{
"name": "CVE-2025-1009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1009"
},
{
"name": "CVE-2025-1010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1010"
},
{
"name": "CVE-2025-1011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1011"
},
{
"name": "CVE-2025-1012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1012"
},
{
"name": "CVE-2025-1013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1013"
},
{
"name": "CVE-2025-1014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1014"
},
{
"name": "CVE-2024-56664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
},
{
"name": "CVE-2025-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1016"
},
{
"name": "CVE-2025-1017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1017"
},
{
"name": "CVE-2025-1018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1018"
},
{
"name": "CVE-2025-1019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1019"
},
{
"name": "CVE-2025-1020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1020"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2024-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
},
{
"name": "CVE-2024-53203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53203"
},
{
"name": "CVE-2024-53128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53128"
},
{
"name": "CVE-2025-0995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0995"
},
{
"name": "CVE-2025-0996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0996"
},
{
"name": "CVE-2025-0997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0997"
},
{
"name": "CVE-2025-0998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0998"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-1414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1414"
},
{
"name": "CVE-2025-0999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0999"
},
{
"name": "CVE-2025-1006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1006"
},
{
"name": "CVE-2025-1426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1426"
},
{
"name": "CVE-2024-56751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56751"
},
{
"name": "CVE-2023-39017",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39017"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2025-1914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1914"
},
{
"name": "CVE-2025-1915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1915"
},
{
"name": "CVE-2025-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1916"
},
{
"name": "CVE-2025-1917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1917"
},
{
"name": "CVE-2025-1918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1918"
},
{
"name": "CVE-2025-1919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1919"
},
{
"name": "CVE-2025-1921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1921"
},
{
"name": "CVE-2025-1922",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1922"
},
{
"name": "CVE-2025-1923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1923"
},
{
"name": "CVE-2025-1930",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1930"
},
{
"name": "CVE-2025-1931",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1931"
},
{
"name": "CVE-2025-1932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1932"
},
{
"name": "CVE-2025-1933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1933"
},
{
"name": "CVE-2025-1934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1934"
},
{
"name": "CVE-2025-1935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1935"
},
{
"name": "CVE-2025-1936",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1936"
},
{
"name": "CVE-2025-1937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1937"
},
{
"name": "CVE-2025-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1938"
},
{
"name": "CVE-2025-1939",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1939"
},
{
"name": "CVE-2025-1940",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1940"
},
{
"name": "CVE-2025-1941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1941"
},
{
"name": "CVE-2025-1942",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1942"
},
{
"name": "CVE-2025-1943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1943"
},
{
"name": "CVE-2025-1920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1920"
},
{
"name": "CVE-2025-2135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2135"
},
{
"name": "CVE-2025-2136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2136"
},
{
"name": "CVE-2025-2137",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2137"
},
{
"name": "CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-45772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45772"
},
{
"name": "CVE-2025-2476",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2476"
},
{
"name": "CVE-2025-2857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2857"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-2783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2783"
},
{
"name": "CVE-2022-49063",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49063"
},
{
"name": "CVE-2022-49535",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49535"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2025-3066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3066"
},
{
"name": "CVE-2025-3067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3067"
},
{
"name": "CVE-2025-3068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3068"
},
{
"name": "CVE-2025-3071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3071"
},
{
"name": "CVE-2025-3072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3072"
},
{
"name": "CVE-2025-3073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3073"
},
{
"name": "CVE-2025-3074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3074"
},
{
"name": "CVE-2025-3028",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3028"
},
{
"name": "CVE-2025-3029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3029"
},
{
"name": "CVE-2025-3030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3030"
},
{
"name": "CVE-2025-3031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3031"
},
{
"name": "CVE-2025-3032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3032"
},
{
"name": "CVE-2025-3033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3033"
},
{
"name": "CVE-2025-3034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3034"
},
{
"name": "CVE-2025-3035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3035"
},
{
"name": "CVE-2024-54458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54458"
},
{
"name": "CVE-2025-3608",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3608"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2025-21588",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21588"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-21839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21839"
},
{
"name": "CVE-2025-3619",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3619"
},
{
"name": "CVE-2025-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3620"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2025-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
},
{
"name": "CVE-2025-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
},
{
"name": "CVE-2025-21957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
},
{
"name": "CVE-2025-21959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
},
{
"name": "CVE-2025-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
},
{
"name": "CVE-2025-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
},
{
"name": "CVE-2025-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
},
{
"name": "CVE-2025-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
},
{
"name": "CVE-2025-21970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
},
{
"name": "CVE-2025-21975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
},
{
"name": "CVE-2025-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2025-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
},
{
"name": "CVE-2025-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
},
{
"name": "CVE-2025-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
},
{
"name": "CVE-2025-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2025-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
},
{
"name": "CVE-2025-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
},
{
"name": "CVE-2025-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
},
{
"name": "CVE-2025-22010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
},
{
"name": "CVE-2025-22014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2025-4050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4050"
},
{
"name": "CVE-2025-4051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4051"
},
{
"name": "CVE-2025-4052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4052"
},
{
"name": "CVE-2025-4096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4096"
},
{
"name": "CVE-2025-2817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2817"
},
{
"name": "CVE-2025-4082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4082"
},
{
"name": "CVE-2025-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4083"
},
{
"name": "CVE-2025-4085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4085"
},
{
"name": "CVE-2025-4087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4087"
},
{
"name": "CVE-2025-4088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4088"
},
{
"name": "CVE-2025-4089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4089"
},
{
"name": "CVE-2025-4090",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4090"
},
{
"name": "CVE-2025-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4091"
},
{
"name": "CVE-2025-4092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4092"
},
{
"name": "CVE-2023-53034",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53034"
},
{
"name": "CVE-2024-46742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46742"
},
{
"name": "CVE-2025-21853",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21853"
},
{
"name": "CVE-2025-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22025"
},
{
"name": "CVE-2025-22027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22027"
},
{
"name": "CVE-2025-22035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22035"
},
{
"name": "CVE-2025-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22044"
},
{
"name": "CVE-2025-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22045"
},
{
"name": "CVE-2025-22050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22050"
},
{
"name": "CVE-2025-22054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22054"
},
{
"name": "CVE-2025-22055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22055"
},
{
"name": "CVE-2025-22056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22056"
},
{
"name": "CVE-2025-22060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22060"
},
{
"name": "CVE-2025-22063",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22063"
},
{
"name": "CVE-2025-22066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22066"
},
{
"name": "CVE-2025-22071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22071"
},
{
"name": "CVE-2025-22073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22073"
},
{
"name": "CVE-2025-22075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22075"
},
{
"name": "CVE-2025-22079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22079"
},
{
"name": "CVE-2025-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22081"
},
{
"name": "CVE-2025-22086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22086"
},
{
"name": "CVE-2025-22089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22089"
},
{
"name": "CVE-2025-22097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22097"
},
{
"name": "CVE-2025-23136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23136"
},
{
"name": "CVE-2025-23138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23138"
},
{
"name": "CVE-2025-37785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
},
{
"name": "CVE-2025-37838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37838"
},
{
"name": "CVE-2025-38152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38152"
},
{
"name": "CVE-2025-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38575"
},
{
"name": "CVE-2025-38637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38637"
},
{
"name": "CVE-2025-39728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39728"
},
{
"name": "CVE-2025-39735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39735"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2025-29087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29087"
},
{
"name": "CVE-2025-3277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3277"
},
{
"name": "CVE-2025-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4609"
},
{
"name": "CVE-2025-4664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4664"
},
{
"name": "CVE-2025-4372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4372"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2025-4918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4918"
},
{
"name": "CVE-2025-4919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4919"
},
{
"name": "CVE-2025-41232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
},
{
"name": "CVE-2025-23165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
},
{
"name": "CVE-2025-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
},
{
"name": "CVE-2025-5063",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5063"
},
{
"name": "CVE-2025-5064",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5064"
},
{
"name": "CVE-2025-5065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5065"
},
{
"name": "CVE-2025-5066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5066"
},
{
"name": "CVE-2025-5067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5067"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2022-49728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49728"
},
{
"name": "CVE-2024-58093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
},
{
"name": "CVE-2025-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22018"
},
{
"name": "CVE-2025-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
},
{
"name": "CVE-2025-22062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22062"
},
{
"name": "CVE-2025-23145",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23145"
},
{
"name": "CVE-2025-37798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
},
{
"name": "CVE-2025-37749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37749"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-5263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5263"
},
{
"name": "CVE-2025-5264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5264"
},
{
"name": "CVE-2025-5265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5265"
},
{
"name": "CVE-2025-5266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5266"
},
{
"name": "CVE-2025-5267",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5267"
},
{
"name": "CVE-2025-5268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5268"
},
{
"name": "CVE-2025-5270",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5270"
},
{
"name": "CVE-2025-5271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5271"
},
{
"name": "CVE-2025-5272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5272"
},
{
"name": "CVE-2025-5281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5281"
},
{
"name": "CVE-2025-5283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5283"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22021"
},
{
"name": "CVE-2025-23140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23140"
},
{
"name": "CVE-2025-23142",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23142"
},
{
"name": "CVE-2025-23144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23144"
},
{
"name": "CVE-2025-23146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23146"
},
{
"name": "CVE-2025-23147",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23147"
},
{
"name": "CVE-2025-23148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23148"
},
{
"name": "CVE-2025-23150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23150"
},
{
"name": "CVE-2025-23151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23151"
},
{
"name": "CVE-2025-23156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23156"
},
{
"name": "CVE-2025-23157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23157"
},
{
"name": "CVE-2025-23158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23158"
},
{
"name": "CVE-2025-23159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23159"
},
{
"name": "CVE-2025-23161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23161"
},
{
"name": "CVE-2025-23163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23163"
},
{
"name": "CVE-2025-37738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37738"
},
{
"name": "CVE-2025-37739",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37739"
},
{
"name": "CVE-2025-37740",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37740"
},
{
"name": "CVE-2025-37741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37741"
},
{
"name": "CVE-2025-37742",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37742"
},
{
"name": "CVE-2025-37756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37756"
},
{
"name": "CVE-2025-37757",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37757"
},
{
"name": "CVE-2025-37758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37758"
},
{
"name": "CVE-2025-37765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37765"
},
{
"name": "CVE-2025-37766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37766"
},
{
"name": "CVE-2025-37767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37767"
},
{
"name": "CVE-2025-37768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37768"
},
{
"name": "CVE-2025-37770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37770"
},
{
"name": "CVE-2025-37771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37771"
},
{
"name": "CVE-2025-37773",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37773"
},
{
"name": "CVE-2025-37780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37780"
},
{
"name": "CVE-2025-37781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37781"
},
{
"name": "CVE-2025-37787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37787"
},
{
"name": "CVE-2025-37788",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37788"
},
{
"name": "CVE-2025-37789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37789"
},
{
"name": "CVE-2025-37790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37790"
},
{
"name": "CVE-2025-37792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37792"
},
{
"name": "CVE-2025-37794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37794"
},
{
"name": "CVE-2025-37796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37796"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2025-37803",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37803"
},
{
"name": "CVE-2025-37805",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37805"
},
{
"name": "CVE-2025-37808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37808"
},
{
"name": "CVE-2025-37810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37810"
},
{
"name": "CVE-2025-37811",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37811"
},
{
"name": "CVE-2025-37812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37812"
},
{
"name": "CVE-2025-37817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37817"
},
{
"name": "CVE-2025-37823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37823"
},
{
"name": "CVE-2025-37824",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37824"
},
{
"name": "CVE-2025-37829",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37829"
},
{
"name": "CVE-2025-37830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37830"
},
{
"name": "CVE-2025-37836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37836"
},
{
"name": "CVE-2025-37839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37839"
},
{
"name": "CVE-2025-37840",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37840"
},
{
"name": "CVE-2025-37841",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37841"
},
{
"name": "CVE-2025-37844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37844"
},
{
"name": "CVE-2025-37850",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37850"
},
{
"name": "CVE-2025-37851",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37851"
},
{
"name": "CVE-2025-37857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37857"
},
{
"name": "CVE-2025-37858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37858"
},
{
"name": "CVE-2025-37859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37859"
},
{
"name": "CVE-2025-37862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37862"
},
{
"name": "CVE-2025-37867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37867"
},
{
"name": "CVE-2025-37871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37871"
},
{
"name": "CVE-2025-37875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37875"
},
{
"name": "CVE-2025-37881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37881"
},
{
"name": "CVE-2025-37883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37883"
},
{
"name": "CVE-2025-37885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37885"
},
{
"name": "CVE-2025-37889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
},
{
"name": "CVE-2025-37892",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37892"
},
{
"name": "CVE-2025-37937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37937"
},
{
"name": "CVE-2025-37940",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37940"
},
{
"name": "CVE-2025-37982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37982"
},
{
"name": "CVE-2025-37983",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37983"
},
{
"name": "CVE-2025-37985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37985"
},
{
"name": "CVE-2025-37989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37989"
},
{
"name": "CVE-2025-37819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37819"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2025-37905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37905"
},
{
"name": "CVE-2025-37909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37909"
},
{
"name": "CVE-2025-37911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37911"
},
{
"name": "CVE-2025-37912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37912"
},
{
"name": "CVE-2025-37913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37913"
},
{
"name": "CVE-2025-37914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37914"
},
{
"name": "CVE-2025-37915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37915"
},
{
"name": "CVE-2025-37923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37923"
},
{
"name": "CVE-2025-37927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37927"
},
{
"name": "CVE-2025-37930",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37930"
},
{
"name": "CVE-2025-37932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
},
{
"name": "CVE-2025-37949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37949"
},
{
"name": "CVE-2025-37964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37964"
},
{
"name": "CVE-2025-37967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37967"
},
{
"name": "CVE-2025-37969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37969"
},
{
"name": "CVE-2025-37970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37970"
},
{
"name": "CVE-2025-37990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37990"
},
{
"name": "CVE-2025-37991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37991"
},
{
"name": "CVE-2025-5068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5068"
},
{
"name": "CVE-2025-5419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5419"
},
{
"name": "CVE-2025-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
},
{
"name": "CVE-2025-49709",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49709"
},
{
"name": "CVE-2025-49710",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49710"
},
{
"name": "CVE-2023-6779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6779"
},
{
"name": "CVE-2023-6780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6780"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-1390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
},
{
"name": "CVE-2025-29088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29088"
},
{
"name": "CVE-2025-31115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
},
{
"name": "CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"name": "CVE-2025-5958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5958"
},
{
"name": "CVE-2025-5959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5959"
},
{
"name": "CVE-2025-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-6191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6191"
},
{
"name": "CVE-2025-6192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6192"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2024-56406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2022-49168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49168"
},
{
"name": "CVE-2025-37998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37998"
},
{
"name": "CVE-2023-42366",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42366"
},
{
"name": "CVE-2025-6424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6424"
},
{
"name": "CVE-2025-6425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6425"
},
{
"name": "CVE-2025-6426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6426"
},
{
"name": "CVE-2025-6427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6427"
},
{
"name": "CVE-2025-6429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6429"
},
{
"name": "CVE-2025-6430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6430"
},
{
"name": "CVE-2025-6432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6432"
},
{
"name": "CVE-2025-6433",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6433"
},
{
"name": "CVE-2025-6434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6434"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2025-6555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6555"
},
{
"name": "CVE-2025-6556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6556"
},
{
"name": "CVE-2025-6557",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6557"
},
{
"name": "CVE-2025-6435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6435"
},
{
"name": "CVE-2025-6436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6436"
},
{
"name": "CVE-2025-6554",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6554"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2022-49636",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49636"
},
{
"name": "CVE-2025-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
},
{
"name": "CVE-2025-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
},
{
"name": "CVE-2025-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2025-47268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
},
{
"name": "CVE-2025-37992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37992"
},
{
"name": "CVE-2025-37994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37994"
},
{
"name": "CVE-2025-37995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37995"
},
{
"name": "CVE-2025-38005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38005"
},
{
"name": "CVE-2025-38009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38009"
},
{
"name": "CVE-2025-38023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38023"
},
{
"name": "CVE-2025-38024",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38024"
},
{
"name": "CVE-2025-38083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38083"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2025-6558",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6558"
},
{
"name": "CVE-2025-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7656"
},
{
"name": "CVE-2025-7657",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7657"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2022-21546",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21546"
},
{
"name": "CVE-2020-16156",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16156"
},
{
"name": "CVE-2025-8010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8010"
},
{
"name": "CVE-2025-8011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8011"
},
{
"name": "CVE-2025-8027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8027"
},
{
"name": "CVE-2025-8028",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8028"
},
{
"name": "CVE-2025-8029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8029"
},
{
"name": "CVE-2025-8030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8030"
},
{
"name": "CVE-2025-8031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8031"
},
{
"name": "CVE-2025-8032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8032"
},
{
"name": "CVE-2025-8033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8033"
},
{
"name": "CVE-2025-8034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8034"
},
{
"name": "CVE-2025-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8035"
},
{
"name": "CVE-2025-8036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8036"
},
{
"name": "CVE-2025-8037",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8037"
},
{
"name": "CVE-2025-8038",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8038"
},
{
"name": "CVE-2025-8039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8039"
},
{
"name": "CVE-2025-8040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8040"
},
{
"name": "CVE-2025-8041",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8041"
},
{
"name": "CVE-2025-8043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8043"
},
{
"name": "CVE-2025-8044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8044"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2024-45339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
},
{
"name": "CVE-2024-47611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2025-4877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
},
{
"name": "CVE-2025-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2025-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
},
{
"name": "CVE-2025-5916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
},
{
"name": "CVE-2025-5917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2025-38094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38094"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2025-8292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8292"
},
{
"name": "CVE-2025-7424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7424"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-8576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8576"
},
{
"name": "CVE-2025-8577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8577"
},
{
"name": "CVE-2025-8578",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8578"
},
{
"name": "CVE-2025-8579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8579"
},
{
"name": "CVE-2025-8580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8580"
},
{
"name": "CVE-2025-8581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8581"
},
{
"name": "CVE-2025-8582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8582"
},
{
"name": "CVE-2025-8583",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8583"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"name": "CVE-2025-27818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
},
{
"name": "CVE-2025-8879",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8879"
},
{
"name": "CVE-2025-8880",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8880"
},
{
"name": "CVE-2025-8881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8881"
},
{
"name": "CVE-2025-8882",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8882"
},
{
"name": "CVE-2025-8901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8901"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2021-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
},
{
"name": "CVE-2024-25260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
},
{
"name": "CVE-2025-1371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
},
{
"name": "CVE-2025-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
},
{
"name": "CVE-2025-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-48964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2025-9132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9132"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2005-2541",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2541"
},
{
"name": "CVE-2008-5727",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5727"
},
{
"name": "CVE-2008-5728",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5728"
},
{
"name": "CVE-2008-5729",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5729"
},
{
"name": "CVE-2008-5730",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5730"
},
{
"name": "CVE-2008-5742",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5742"
},
{
"name": "CVE-2011-3374",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3374"
},
{
"name": "CVE-2014-4715",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4715"
},
{
"name": "CVE-2015-2214",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2214"
},
{
"name": "CVE-2016-0682",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0682"
},
{
"name": "CVE-2016-0689",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0689"
},
{
"name": "CVE-2016-0692",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0692"
},
{
"name": "CVE-2016-0694",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0694"
},
{
"name": "CVE-2016-2149",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2149"
},
{
"name": "CVE-2016-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2160"
},
{
"name": "CVE-2016-3418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3418"
},
{
"name": "CVE-2017-10140",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10140"
},
{
"name": "CVE-2017-12195",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12195"
},
{
"name": "CVE-2017-12629",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12629"
},
{
"name": "CVE-2017-3604",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3604"
},
{
"name": "CVE-2017-3605",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3605"
},
{
"name": "CVE-2017-3606",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3606"
},
{
"name": "CVE-2017-3607",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3607"
},
{
"name": "CVE-2017-3608",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3608"
},
{
"name": "CVE-2017-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3609"
},
{
"name": "CVE-2017-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3610"
},
{
"name": "CVE-2017-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3611"
},
{
"name": "CVE-2017-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3612"
},
{
"name": "CVE-2017-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3613"
},
{
"name": "CVE-2017-3614",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3614"
},
{
"name": "CVE-2017-3615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3615"
},
{
"name": "CVE-2017-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3616"
},
{
"name": "CVE-2017-3617",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3617"
},
{
"name": "CVE-2018-1000169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000169"
},
{
"name": "CVE-2018-1196",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1196"
},
{
"name": "CVE-2018-1273",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1273"
},
{
"name": "CVE-2019-10782",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10782"
},
{
"name": "CVE-2019-9658",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9658"
},
{
"name": "CVE-2020-2981",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2981"
},
{
"name": "CVE-2021-20298",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20298"
},
{
"name": "CVE-2021-20304",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20304"
},
{
"name": "CVE-2021-22055",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22055"
},
{
"name": "CVE-2021-23169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23169"
},
{
"name": "CVE-2021-3236",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3236"
},
{
"name": "CVE-2022-0635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0635"
},
{
"name": "CVE-2022-0667",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0667"
},
{
"name": "CVE-2022-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3219"
},
{
"name": "CVE-2022-39046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39046"
},
{
"name": "CVE-2022-42010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42010"
},
{
"name": "CVE-2022-42011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42011"
},
{
"name": "CVE-2022-42012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42012"
},
{
"name": "CVE-2022-44638",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44638"
},
{
"name": "CVE-2023-31437",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31437"
},
{
"name": "CVE-2023-31438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31438"
},
{
"name": "CVE-2023-31439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31439"
},
{
"name": "CVE-2023-37769",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37769"
},
{
"name": "CVE-2023-39810",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39810"
},
{
"name": "CVE-2023-4156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4156"
},
{
"name": "CVE-2023-4320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4320"
},
{
"name": "CVE-2023-43785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43785"
},
{
"name": "CVE-2023-43786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43786"
},
{
"name": "CVE-2023-43787",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43787"
},
{
"name": "CVE-2023-46129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46129"
},
{
"name": "CVE-2023-47039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47039"
},
{
"name": "CVE-2023-5189",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5189"
},
{
"name": "CVE-2024-11584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11584"
},
{
"name": "CVE-2024-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21742"
},
{
"name": "CVE-2024-22047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22047"
},
{
"name": "CVE-2024-2397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2397"
},
{
"name": "CVE-2024-26462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26462"
},
{
"name": "CVE-2024-31047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31047"
},
{
"name": "CVE-2024-3220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3220"
},
{
"name": "CVE-2024-58251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
},
{
"name": "CVE-2024-6174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6174"
},
{
"name": "CVE-2024-7012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7012"
},
{
"name": "CVE-2025-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1352"
},
{
"name": "CVE-2025-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1365"
},
{
"name": "CVE-2025-1372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1372"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-26519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26519"
},
{
"name": "CVE-2025-27587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27587"
},
{
"name": "CVE-2025-30258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30258"
},
{
"name": "CVE-2025-31672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31672"
},
{
"name": "CVE-2025-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
},
{
"name": "CVE-2025-43857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2025-45768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45768"
},
{
"name": "CVE-2025-46392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
},
{
"name": "CVE-2025-46394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"name": "CVE-2025-49795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49795"
},
{
"name": "CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-5278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2025-6170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6170"
},
{
"name": "CVE-2025-6297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6297"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"name": "CVE-2025-8262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8262"
},
{
"name": "CVE-2025-8732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8732"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-9179",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9179"
},
{
"name": "CVE-2025-9180",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9180"
},
{
"name": "CVE-2025-9181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9181"
},
{
"name": "CVE-2025-9182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9182"
},
{
"name": "CVE-2025-9183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9183"
},
{
"name": "CVE-2025-9184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9184"
},
{
"name": "CVE-2025-9185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9185"
},
{
"name": "CVE-2025-9187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9187"
},
{
"name": "CVE-2025-9308",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9308"
}
],
"initial_release_date": "2025-09-05T00:00:00",
"last_revision_date": "2025-09-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0756",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36093",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36093"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36102",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36102"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36101",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36101"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36100",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36100"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36105",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36105"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36091",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36091"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36078",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36078"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36107",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36107"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36094",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36094"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36097",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36097"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-46",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36104"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36108",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36108"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36095",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36095"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-09",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36090"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36096",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36096"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36106",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36106"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36109",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36109"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36098",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36098"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36111"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36103",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36103"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36099",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36099"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36092",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36092"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36110",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36110"
}
]
}
CERTFR-2025-AVI-0838
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.109 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.2.2406 antérieures à 9.2.2406.123 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2408 antérieures à 9.3.2408.119 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.0.x antérieures à 10.0.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise Cloud versions 9.2.2406 antérieures à 9.2.2406.123 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.0.x antérieures à 10.0.0 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.2.x antérieures à 9.2.8 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.4.x antérieures à 9.4.4 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.3.x antérieures à 9.3.6 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise Cloud versions 9.3.2411 antérieures à 9.3.2411.108 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise Cloud versions 9.3.2408 antérieures à 9.3.2408.118 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.111 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.109",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.2.2406 ant\u00e9rieures \u00e0 9.2.2406.123",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2408 ant\u00e9rieures \u00e0 9.3.2408.119",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.1",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise Cloud versions 9.2.2406 ant\u00e9rieures \u00e0 9.2.2406.123",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.0",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.2.x ant\u00e9rieures \u00e0 9.2.8",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.4",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.6",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise Cloud versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.108",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise Cloud versions 9.3.2408 ant\u00e9rieures \u00e0 9.3.2408.118",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.111",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2015-5237",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
},
{
"name": "CVE-2025-20367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20367"
},
{
"name": "CVE-2024-7553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7553"
},
{
"name": "CVE-2025-20366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20366"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2025-20370",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20370"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-20369",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20369"
},
{
"name": "CVE-2025-5025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5025"
},
{
"name": "CVE-2024-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1351"
},
{
"name": "CVE-2025-20371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20371"
},
{
"name": "CVE-2025-20368",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20368"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-4947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4947"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
}
],
"initial_release_date": "2025-10-02T00:00:00",
"last_revision_date": "2025-10-02T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0838",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2025-10-01",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1006",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1006"
},
{
"published_at": "2025-10-01",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1005",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1005"
},
{
"published_at": "2025-10-01",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1002",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1002"
},
{
"published_at": "2025-10-01",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1004",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1004"
},
{
"published_at": "2025-10-01",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1007",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1007"
},
{
"published_at": "2025-10-01",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1003",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1003"
},
{
"published_at": "2025-10-01",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1001",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1001"
}
]
}
ghsa-w8fw-fj9q-vcjj
Vulnerability from github
Published
2025-04-17 18:31
Modified
2025-04-17 18:31
Severity ?
VLAI Severity ?
Details
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
{
"affected": [],
"aliases": [
"CVE-2025-32415"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-17T17:15:33Z",
"severity": "LOW"
},
"details": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.",
"id": "GHSA-w8fw-fj9q-vcjj",
"modified": "2025-04-17T18:31:22Z",
"published": "2025-04-17T18:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
fkie_cve-2025-32415
Vulnerability from fkie_nvd
Published
2025-04-17 17:15
Modified
2025-04-23 18:17
Severity ?
2.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 | Exploit, Issue Tracking | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 | Exploit, Issue Tracking |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF308A16-618A-44BE-900E-3B65DCC0E428",
"versionEndExcluding": "2.13.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9878007F-7139-47DE-BD8F-E0DFCAD038B7",
"versionEndExcluding": "2.14.2",
"versionStartIncluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used."
},
{
"lang": "es",
"value": "En libxml2 anterior a la versi\u00f3n 2.13.8 y 2.14.x anterior a la versi\u00f3n 2.14.2, xmlSchemaIDCFillNodeTables en xmlschemas.c presenta una sublectura del b\u00fafer basado en el mont\u00f3n. Para aprovechar esto, un documento XML creado debe validarse con un esquema XML con ciertas restricciones de identidad, o bien, debe utilizarse un esquema XML creado."
}
],
"id": "CVE-2025-32415",
"lastModified": "2025-04-23T18:17:52.053",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-17T17:15:33.733",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
],
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
msrc_cve-2025-32415
Vulnerability from csaf_microsoft
Published
2025-04-02 00:00
Modified
2025-07-11 00:00
Summary
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32415 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-32415.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.",
"tracking": {
"current_release_date": "2025-07-11T00:00:00.000Z",
"generator": {
"date": "2025-10-20T03:11:13.607Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-32415",
"initial_release_date": "2025-04-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-05-27T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-07-11T00:00:00.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Added libxml2 to CBL-Mariner 2.0\nAdded libxml2 to Azure Linux 3.0"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 libxml2 2.11.5-5",
"product": {
"name": "\u003cazl3 libxml2 2.11.5-5",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 libxml2 2.11.5-5",
"product": {
"name": "azl3 libxml2 2.11.5-5",
"product_id": "19447"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 libxml2 2.10.4-7",
"product": {
"name": "\u003ccbl2 libxml2 2.10.4-7",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 libxml2 2.10.4-7",
"product": {
"name": "cbl2 libxml2 2.10.4-7",
"product_id": "20228"
}
}
],
"category": "product_name",
"name": "libxml2"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libxml2 2.11.5-5 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libxml2 2.11.5-5 as a component of Azure Linux 3.0",
"product_id": "19447-17084"
},
"product_reference": "19447",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 libxml2 2.10.4-7 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 libxml2 2.10.4-7 as a component of CBL Mariner 2.0",
"product_id": "20228-17086"
},
"product_reference": "20228",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19447-17084",
"20228-17086"
],
"known_affected": [
"17084-2",
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32415 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-32415.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-27T00:00:00.000Z",
"details": "2.11.5-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-05-27T00:00:00.000Z",
"details": "2.10.4-7:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 2.9,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"17084-2",
"17086-1"
]
}
],
"title": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used."
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…