CNNVD-202601-2641 Information
CNNVD ID
CNNVD-202601-2641
Related CVE
- CNNVD Published: 2026-01-15
Description (Chinese)
libxml2是GNOME开源的一个用来解析XML文档的函数库。它用C语言写成,并且能为多种语言所调用,例如C语言,C++,XSH。 libxml2存在安全漏洞,该漏洞源于xmlCatalogXMLResolveURI函数在XML目录包含引用自身的委托URI条目时出现不受控制的递归,可能导致远程攻击者通过特制XML目录造成无限递归和调用堆栈耗尽,引发分段违规。
Description (English)
libxml2 is a function library for the analysis of XML documents from an open source of GNOME. It is written in C and can be called in many languages, such as C, C++, XSH. There is a security loophole in libxml2, which stems from the uncontrolled regression of the xmlCatalogXMLResolveURI function when the XML catalogue contains references to its own delegated URL entries, which may result in the remote attacker running out of limitless repossessions and call stacks through a specially designed XML catalogue, causing a break-in.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
GNOME
Published
2026-01-15
Last Modified
2026-02-24
References
https://access.redhat.com/security/cve/CVE-2026-0990 https://bugzilla.redhat.com/show_bug.cgi?id=2429959
Patch
https://gitlab.gnome.org/GNOME/libxml2/-/releases
Share on: