CVE-2025-6170: A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program…

low2.5CVSS 3.1

AVLACHPRNUIRSUCNINAL

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

Affected

21 ranges

Vendor	Product	Version range	Fixed in
debian	libxml2	< libxml2 2.9.14+dfsg-1.3~deb12u3 (bookworm)	libxml2 2.9.14+dfsg-1.3~deb12u3 (bookworm)
msrc	azl3_libxml2_2.11.5-6_on_azure_linux_3.0	—	—
msrc	cbl2_libxml2_2.10.4-8_on_cbl_mariner_2.0	—	—
msrc	cm2_libxml2_2.10.4-8_on_cbl_mariner_2.0	—	—
nokogiri	nokogiri	>= 0 < 1.18.9	1.18.9
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	openshift_container_platform	—	—
xmlsoft	libxml2	>= 0 < 2.9.10+dfsg-6.7+deb11u8	2.9.10+dfsg-6.7+deb11u8
xmlsoft	libxml2	>= 0 < 2.9.14+dfsg-1.3~deb12u3	2.9.14+dfsg-1.3~deb12u3
xmlsoft	libxml2	>= 0 < 2.12.7+dfsg+really2.9.14-2.1	2.12.7+dfsg+really2.9.14-2.1
xmlsoft	libxml2	>= 0 < 2.12.7+dfsg+really2.9.14-2.1	2.12.7+dfsg+really2.9.14-2.1
xmlsoft	libxml2	>= 0 < 2.9.13+dfsg-1ubuntu0.8	2.9.13+dfsg-1ubuntu0.8
xmlsoft	libxml2	>= 0 < 2.9.14+dfsg-1.3ubuntu3.4	2.9.14+dfsg-1.3ubuntu3.4
xmlsoft	libxml2	>= 0 < 2.9.1+dfsg1-3ubuntu4.13+esm8	2.9.1+dfsg1-3ubuntu4.13+esm8
xmlsoft	libxml2	>= 0 < 2.9.3+dfsg1-1ubuntu0.7+esm9	2.9.3+dfsg1-1ubuntu0.7+esm9
xmlsoft	libxml2	>= 0 < 2.9.4+dfsg1-6.1ubuntu1.9+esm4	2.9.4+dfsg1-6.1ubuntu1.9+esm4
xmlsoft	libxml2	>= 0 < 2.9.10+dfsg-5ubuntu0.20.04.10+esm1	2.9.10+dfsg-5ubuntu0.20.04.10+esm1

CVSS provenance

nvdv3.12.5LOWCVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

ghsa9.1CRITICAL

osv9.1CRITICAL