CNNVD-202601-2640 Information

CNNVD ID

CNNVD-202601-2640

Related CVE

CVE-2026-0992

• CNNVD Published: 2026-01-15

Description (Chinese)

libxml2是GNOME开源的一个用来解析XML文档的函数库。它用C语言写成，并且能为多种语言所调用，例如C语言，C++，XSH。 libxml2存在资源管理错误漏洞，该漏洞源于处理包含重复指向相同下游目录的元素的XML目录时出现不受控制的资源消耗，可能导致远程攻击者通过提供特制目录造成过度CPU消耗和应用程序可用性降低。

Description (English)

libxml2 is a function library for the analysis of XML documents from an open source of GNOME. It is written in C and can be called in many languages, such as C, C++, XSH. Libxml2 has a resource management error loophole, which arises from uncontrolled resource consumption in the processing of XML directories containing elements that repeat the same downstream directory, which could lead to excessive CPU consumption and reduced application availability by remote attackers by providing a special catalogue.

Hazard Level

Critical

Vulnerability Type

资源管理错误

Affected Vendor

GNOME

Published

2026-01-15

Last Modified

2026-02-24

References

https://access.redhat.com/security/cve/CVE-2026-0992 https://bugzilla.redhat.com/show_bug.cgi?id=2429975

Patch

https://gitlab.gnome.org/GNOME/libxml2/-/releases