Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-0990
5.9 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing
A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.
References
Affected products
rhcos
libxml2
Matching in nixpkgs
pkgs.libxml2
XML parsing library for C
-
nixos-unstable 2.14.4-unstable-2025-06-20
- nixpkgs-unstable 2.14.4-unstable-2025-06-20
- nixos-unstable-small 2.14.4-unstable-2025-06-20
pkgs.libxml2_13
XML parsing library for C
pkgs.libxml2Python
None
-
nixos-unstable 2.14.4-unstable-2025-06-20
- nixpkgs-unstable 2.14.4-unstable-2025-06-20
- nixos-unstable-small 2.14.4-unstable-2025-06-20
pkgs.sbclPackages.cl-libxml2
None
-
nixos-unstable libxml2-20130615-git
- nixpkgs-unstable libxml2-20130615-git
- nixos-unstable-small libxml2-20130615-git
-
nixos-25.11 libxml2-20130615-git
- nixpkgs-25.11-darwin libxml2-20130615-git
pkgs.perlPackages.AlienLibxml2
Install the C libxml2 library on your system
-
nixos-unstable Libxml2-0.19
- nixpkgs-unstable Libxml2-0.19
- nixos-unstable-small Libxml2-0.19
-
nixos-25.11 Libxml2-0.19
- nixpkgs-25.11-darwin Libxml2-0.19
pkgs.python312Packages.libxml2
XML parsing library for C
-
nixos-unstable 2.14.4-unstable-2025-06-20
- nixpkgs-unstable 2.14.4-unstable-2025-06-20
- nixos-unstable-small 2.14.4-unstable-2025-06-20
pkgs.python313Packages.libxml2
XML parsing library for C
-
nixos-unstable 2.14.4-unstable-2025-06-20
- nixpkgs-unstable 2.14.4-unstable-2025-06-20
- nixos-unstable-small 2.14.4-unstable-2025-06-20
pkgs.perl538Packages.AlienLibxml2
Install the C libxml2 library on your system
-
nixos-unstable Libxml2-0.19
- nixpkgs-unstable Libxml2-0.19
- nixos-unstable-small Libxml2-0.19
-
nixos-25.11 Libxml2-0.19
- nixpkgs-25.11-darwin Libxml2-0.19
pkgs.perl540Packages.AlienLibxml2
Install the C libxml2 library on your system
Package maintainers
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@lukego Luke Gorrie <luke@snabb.co>
-
@nagy Daniel Nagy <danielnagy@posteo.de>
-
@Uthar Kasper Gałkowski <galkowskikasper@gmail.com>
-
@hraban Hraban Luyat <hraban@0brg.net>
-
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
-
@gepbird Gutyina Gergő <gutyina.gergo.2@gmail.com>