Nixpkgs security tracker

Untriaged

Permalink CVE-2026-0992

2.9 LOW

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): LOW

created 3 months ago

Libxml2: libxml2: denial of service via crafted xml catalogs

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.

References

https://access.redhat.com/security/cve/CVE-2026-0992 vdb-entryx_refsource_REDHAT
RHBZ#2429975 issue-trackingx_refsource_REDHAT

Affected products

rhcos

libxml2

Matching in nixpkgs

pkgs.libxml2

XML parsing library for C

nixos-unstable 2.14.4-unstable-2025-06-20
- nixpkgs-unstable 2.14.4-unstable-2025-06-20
- nixos-unstable-small 2.14.4-unstable-2025-06-20
nixos-25.11 2.15.1
- nixpkgs-25.11-darwin 2.15.1

pkgs.libxml2_13

XML parsing library for C

nixos-25.11 2.13.8
- nixpkgs-25.11-darwin 2.13.8

pkgs.libxml2Python

None

nixos-unstable 2.14.4-unstable-2025-06-20
- nixpkgs-unstable 2.14.4-unstable-2025-06-20
- nixos-unstable-small 2.14.4-unstable-2025-06-20
nixos-25.11 2.15.1
- nixpkgs-25.11-darwin 2.15.1

pkgs.sbclPackages.cl-libxml2

None

nixos-unstable libxml2-20130615-git
- nixpkgs-unstable libxml2-20130615-git
- nixos-unstable-small libxml2-20130615-git
nixos-25.11 libxml2-20130615-git
- nixpkgs-25.11-darwin libxml2-20130615-git

pkgs.perlPackages.AlienLibxml2

Install the C libxml2 library on your system

nixos-unstable Libxml2-0.19
- nixpkgs-unstable Libxml2-0.19
- nixos-unstable-small Libxml2-0.19
nixos-25.11 Libxml2-0.19
- nixpkgs-25.11-darwin Libxml2-0.19

pkgs.python312Packages.libxml2

XML parsing library for C

nixos-unstable 2.14.4-unstable-2025-06-20
- nixpkgs-unstable 2.14.4-unstable-2025-06-20
- nixos-unstable-small 2.14.4-unstable-2025-06-20
nixos-25.11 2.15.1
- nixpkgs-25.11-darwin 2.15.1

pkgs.python313Packages.libxml2

XML parsing library for C

nixos-unstable 2.14.4-unstable-2025-06-20
- nixpkgs-unstable 2.14.4-unstable-2025-06-20
- nixos-unstable-small 2.14.4-unstable-2025-06-20
nixos-25.11 2.15.1
- nixpkgs-25.11-darwin 2.15.1

pkgs.perl538Packages.AlienLibxml2

Install the C libxml2 library on your system

nixos-unstable Libxml2-0.19
- nixpkgs-unstable Libxml2-0.19
- nixos-unstable-small Libxml2-0.19
nixos-25.11 Libxml2-0.19
- nixpkgs-25.11-darwin Libxml2-0.19

pkgs.perl540Packages.AlienLibxml2

Install the C libxml2 library on your system

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libxml-2.0%22

Test whether libxml2-2.14.4-unstable-2025-06-20 exposes pkg-config modules libxml-2.0

nixos-unstable libxml2
- nixpkgs-unstable libxml2
- nixos-unstable-small libxml2
nixos-25.11 libxml2
- nixpkgs-25.11-darwin libxml2

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@lukego Luke Gorrie <luke@snabb.co>
@nagy Daniel Nagy <danielnagy@posteo.de>
@Uthar Kasper Gałkowski <galkowskikasper@gmail.com>
@hraban Hraban Luyat <hraban@0brg.net>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@gepbird Gutyina Gergő <gutyina.gergo.2@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.libxml2

pkgs.libxml2_13

pkgs.libxml2Python

pkgs.sbclPackages.cl-libxml2

pkgs.perlPackages.AlienLibxml2

pkgs.python312Packages.libxml2

pkgs.python313Packages.libxml2

pkgs.perl538Packages.AlienLibxml2

pkgs.perl540Packages.AlienLibxml2

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22libxml-2.0%22

Package maintainers