vulnerability
Arch Linux: Denial of service (CVE-2025-6021)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Jun 12, 2025 | Jul 11, 2025 | Feb 9, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Jun 12, 2025
Added
Jul 11, 2025
Modified
Feb 9, 2026
Description
The xmlBuildQName function in tree.c is vulnerable to an integer overflow when calculating the required buffer size for concatenating a prefix and a local name (ncname). The lengths of ncname and prefix are retrieved using strlen (which returns size_t) but are then implicitly cast to int variables lenn and lenp.
Solution
arch-linux-upgrade-latest
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.