CVE-2025-6021

Public on 2025-06-12

Modified on 2025-06-13

Description

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

Severity

Important

See what this means

CVSS v3 Base Score

8.1

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 2 - Core	libxml2	2025-06-24	ALAS2-2025-2893
Amazon Linux 2023	libxml2	2025-06-23	ALAS2023-2025-1019

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD	CVSSv3	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2025-6021 Mitre: CVE-2025-6021