Untriaged
CVE-2025-6170
2.5 LOW
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): LOW
Libxml2: stack buffer overflow in xmllint interactive shell command handling
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.
References
Affected products
rhcos
libxml2
- <2.14.5
Matching in nixpkgs
pkgs.libxml2
XML parsing library for C
pkgs.libxml2Python
None
pkgs.sbclPackages.cl-libxml2
None
- nixos-unstable libxml2-20130615-git
- nixpkgs-unstable libxml2-20130615-git
- nixos-unstable-small libxml2-20130615-git
pkgs.python311Packages.libxml2
XML parsing library for C
pkgs.python312Packages.libxml2
XML parsing library for C
pkgs.python313Packages.libxml2
XML parsing library for C
pkgs.tests.pkg-config.defaultPkgConfigPackages."libxml-2.0"
Test whether libxml2-2.13.8 exposes pkg-config modules libxml-2.0
Package maintainers
- @jtojnar Jan Tojnar <jtojnar@gmail.com>
- @Uthar Kasper Gałkowski <galkowskikasper@gmail.com>
- @lukego Luke Gorrie <luke@snabb.co>
- @hraban Hraban Luyat <hraban@0brg.net>
- @nagy Daniel Nagy <danielnagy@posteo.de>
- @7c6f434c Michael Raskin <7c6f434c@mail.ru>