github - ghsa-fmj5-rvmp-845r

ghsa-fmj5-rvmp-845r

Vulnerability from github

Published

2025-09-10 21:30

Modified

2025-09-17 21:30

Severity ?

6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-9714"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-10T19:15:42Z",
    "severity": "MODERATE"
  },
  "details": "Uncontrolled recursion in\u00a0XPath evaluation\u00a0in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.",
  "id": "GHSA-fmj5-rvmp-845r",
  "modified": "2025-09-17T21:30:41Z",
  "published": "2025-09-10T21:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2025-9714

Vulnerability from cvelistv5

Published

2025-09-10 18:43

Modified

2025-09-10 18:46

Severity ?

6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Stack overflow in libxml2

References

▼	URL	Tags
	https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21	patch

Impacted products

▼	Vendor	Product
	libxml2	libxml2

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9714",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-10T18:46:42.383800Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-10T18:46:46.622Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/libxml2",
          "defaultStatus": "unaffected",
          "modules": [
            "xpath"
          ],
          "packageName": "libxml2",
          "platforms": [
            "Linux"
          ],
          "product": "libxml2",
          "programFiles": [
            "xpath.c"
          ],
          "repo": "https://gitlab.gnome.org/GNOME/libxml2",
          "vendor": "libxml2",
          "versions": [
            {
              "lessThan": "2.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.12.7+dfsg+really2.9.14-0.4ubuntu0.3",
              "status": "affected",
              "version": "0",
              "versionType": "dpkg"
            },
            {
              "lessThan": "2.9.14+dfsg-1.3ubuntu3.5",
              "status": "affected",
              "version": "0",
              "versionType": "dpkg"
            },
            {
              "lessThan": "2.9.13+dfsg-1ubuntu0.9",
              "status": "affected",
              "version": "0",
              "versionType": "dpkg"
            },
            {
              "lessThan": "2.9.10+dfsg-5ubuntu0.20.04.10+esm2",
              "status": "affected",
              "version": "0",
              "versionType": "dpkg"
            },
            {
              "lessThan": "2.9.4+dfsg1-6.1ubuntu1.9+esm5",
              "status": "affected",
              "version": "0",
              "versionType": "dpkg"
            },
            {
              "lessThan": "2.9.3+dfsg1-1ubuntu0.7+esm10",
              "status": "affected",
              "version": "0",
              "versionType": "dpkg"
            },
            {
              "lessThan": "2.9.1+dfsg1-3ubuntu4.13+esm9",
              "status": "affected",
              "version": "0",
              "versionType": "dpkg"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Nikita Sveshnikov (Positive Technologies)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eUncontrolled recursion in\u0026nbsp;XPath evaluation\u0026nbsp;in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `\u003ccode\u003exmlXPathCtxtCompile\u003c/code\u003e`, and `\u003ccode\u003exmlXPathEvalExpr\u003c/code\u003e` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.\u003c/div\u003e"
            }
          ],
          "value": "Uncontrolled recursion in\u00a0XPath evaluation\u00a0in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674 Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-10T18:43:12.204Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Stack overflow in libxml2",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2025-9714",
    "datePublished": "2025-09-10T18:43:12.204Z",
    "dateReserved": "2025-08-29T23:28:33.339Z",
    "dateUpdated": "2025-09-10T18:46:46.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.