=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN460
_____________________________________________________________________

DATE                : 22/07/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running libxml2.

=====================================================================
https://github.com/advisories/GHSA-83xx-9f6p-vwfj
_____________________________________________________________________


A vulnerability was found in libxml2. Processing certain...
Critical severity Unreviewed Published Jun 16, 2025 to the GitHub
Advisory Database • Updated Jul 9, 2025

Package
No package listed

Affected versions
Unknown

Patched versions
Unknown

Description

A vulnerability was found in libxml2. Processing certain sch:name
elements from the input XML file can trigger a memory corruption
issue. This flaw allows an attacker to craft a malicious XML input
file that can cause libxml2 to crash, resulting in a denial of service
or other possible undefined behavior due to sensitive data being
corrupted in memory.


References

    https://nvd.nist.gov/vuln/detail/CVE-2025-49796
    https://access.redhat.com/security/cve/CVE-2025-49796
    https://bugzilla.redhat.com/show_bug.cgi?id=2372385
    https://access.redhat.com/errata/RHSA-2025:10630
    https://access.redhat.com/errata/RHSA-2025:10698
    https://access.redhat.com/errata/RHSA-2025:10699


Severity
Critical, 9.1 / 10

CVSS v3 base metrics
Attack vector       : Network
Attack complexity   : Low
Privileges required : None
User interaction    : None
Scope               : Unchanged
Confidentiality     : None
Integrity           : High
Availability        : High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS score
(20th percentile)

Weaknesses
Weakness CWE-125

CVE ID
CVE-2025-49796

GHSA ID
GHSA-83xx-9f6p-vwfj

Source code
No known source code


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
