CVE-2025-6170— Libxml2: stack buffer overflow in xmllint interactive shell command handling
I. Basic Information for CVE-2025-6170
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Libxml2: stack buffer overflow in xmllint interactive shell command handling
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
栈缓冲区溢出
Source: NVD (National Vulnerability Database)
Vulnerability Title
libxml2 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
libxml2是GNOME开源的一个用来解析XML文档的函数库。它用C语言写成,并且能为多种语言所调用,例如C语言,C++,XSH。 libxml2存在安全漏洞,该漏洞源于未正确检查输入大小,可能导致程序崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | - | 0 ~ 2.14.5 | - | |
| Red Hat | Red Hat Hardened Images | 2.15.2-0.3.hum1 ~ * | cpe:/a:redhat:hummingbird:1 | |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 | |
| Red Hat | Red Hat JBoss Core Services | - | cpe:/a:redhat:jboss_core_services:1 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
II. Public POCs for CVE-2025-6170
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-6170
请登录查看更多情报信息。
Other · 1
IV. Related Vulnerabilities
Same weakness: CWE-121
- CVE-2018-25322
Allok Fast AVI MPEG Splitter 1.2 Stack Based Buffer Overflow - CVE-2026-8733
Investintech SlimPDFReader SlimPDFReader.exe sub_3B4610 stac - CVE-2026-41963
媒体平台栈溢出漏洞影响可用性 - CVE-2026-6637
PostgreSQL refint allows stack buffer overflow and SQL injec - CVE-2020-37221
Atomic Alarm Clock 6.3 Stack Overflow via SEH Unicode
V. Comments for CVE-2025-6170
No comments yet