CVE-2025-6021

libxml2: integer overflow in xmlBuildQName() leads to stack buffer overflow in libxml2

Published: 6/12/2025 Last updated: 11/29/2025 Reserved: 6/12/2025

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 7.5 High CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (5)

bap-llvm conf-gtksourceview conf-gtksourceview3 conf-librsvg2 lablgtk3-gtkspell3

Products affected (43)

Product Vendor Version
Red Hat Discovery 2 Red Hat Prior to 0.18.6
Red Hat Insights proxy 1.5 Red Hat 2010 Service Pack 2 (64-bit editions)
Red Hat Insights proxy 1.5 Red Hat 3.3.1SQ
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat 3.14.3S
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat 3.14.4S
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Red Hat n/a
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat n/a
Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat 3.15.0S
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat n/a
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat 3.15.1S
Red Hat Enterprise Linux 9 Red Hat all angular versions before 1.5.0-beta.0
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat 3.15.2S
Red Hat Enterprise Linux 9.4 Extended Update Support Red Hat 3.15.1cS
Red Hat Enterprise Linux 9 Red Hat n/a
Red Hat Enterprise Linux 7 Extended Lifecycle Support Red Hat 3.14.2S
Red Hat Enterprise Linux 8 Red Hat n/a
Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat All Android releases from CAF using the Linux kernel
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat < 1.0.3
Red Hat Enterprise Linux 8.8 Telecommunications Update Service Red Hat 7 for 32-bit Systems Service Pack 1
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat 10 Version 1607 for x64-based Systems
Red Hat Enterprise Linux 9 Red Hat n/a
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat 2008 R2 for Itanium-Based Systems Service Pack 1
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Red Hat Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below
Red Hat Enterprise Linux 9.4 Extended Update Support Red Hat 2012 (Core installation)
Red Hat JBoss Core Services 2.4.62.SP2 Red Hat 2012 R2 (Core installation)
Red Hat Enterprise Linux 10 Red Hat Oracle GraalVM Enterprise Edition:22.2.0
Red Hat Enterprise Linux 7 Extended Lifecycle Support Red Hat 16.9.1s
Red Hat Enterprise Linux 8 Red Hat 3.10.1sE
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat n/a
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Red Hat ed2c202dac55423a52d7e2290f2888bf08b8ee99
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat n/a
Red Hat OpenShift Container Platform 4.18 Red Hat n/a
Red Hat OpenShift Container Platform 4.19 Red Hat 3.3.0SQ
Red Hat OpenShift Container Platform 4.16 Red Hat 3.15.4S
Red Hat OpenShift Container Platform 4.15 Red Hat <= 1.0.22
Red Hat OpenShift Container Platform 4.14 Red Hat 2019
Red Hat OpenShift Container Platform 4.15 Red Hat 2008 for Itanium-Based Systems Service Pack 2
Red Hat OpenShift Container Platform 4.16 Red Hat 2008 for 32-bit Systems Service Pack 2
Red Hat OpenShift Container Platform 4.17 Red Hat n/a
Red Hat OpenShift Container Platform 4.13 Red Hat 3.15.3S
Red Hat OpenShift Container Platform 4.12 Red Hat Aruba Instant 8.7.x: 8.7.1.1 and below

References (52)

Credits (2)