{ "threat_severity" : "Important", "public_date" : "2025-02-18T00:00:00Z", "bugzilla" : { "description" : "libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2", "id" : "2346421", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2346421" }, "cvss3" : { "cvss3_base_score" : "7.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "status" : "verified" }, "cwe" : "CWE-121", "details" : [ "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.", "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD." ], "statement" : "This vulnerability is rated as important because it involves a stack-based buffer overflow in the xmlSnprintfElements function within valid.c. Exploiting this issue requires DTD validation to occur on an untrusted document or untrusted DTD, making it a potential security risk for applications using libxml2 that do not adequately restrict DTD input.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHBA-2025:6597", "cpe" : "cpe:/o:redhat:enterprise_linux:10.0", "package" : "libxml2-0:2.12.5-5.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date" : "2025-03-12T00:00:00Z", "advisory" : "RHSA-2025:2673", "cpe" : "cpe:/o:redhat:rhel_els:7", "package" : "libxml2-0:2.9.1-6.el7_9.9" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-03-12T00:00:00Z", "advisory" : "RHSA-2025:2686", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "libxml2-0:2.9.7-19.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-03-12T00:00:00Z", "advisory" : "RHSA-2025:2686", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "libxml2-0:2.9.7-19.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date" : "2025-03-11T00:00:00Z", "advisory" : "RHSA-2025:2654", "cpe" : "cpe:/a:redhat:rhel_aus:8.2", "package" : "libxml2-0:2.9.7-9.el8_2.1" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date" : "2025-03-11T00:00:00Z", "advisory" : "RHSA-2025:2660", "cpe" : "cpe:/a:redhat:rhel_aus:8.4", "package" : "libxml2-0:2.9.7-9.el8_4.5" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date" : "2025-03-11T00:00:00Z", "advisory" : "RHSA-2025:2660", "cpe" : "cpe:/a:redhat:rhel_tus:8.4", "package" : "libxml2-0:2.9.7-9.el8_4.5" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date" : "2025-03-11T00:00:00Z", "advisory" : "RHSA-2025:2660", "cpe" : "cpe:/a:redhat:rhel_e4s:8.4", "package" : "libxml2-0:2.9.7-9.el8_4.5" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2513", "cpe" : "cpe:/a:redhat:rhel_aus:8.6", "package" : "libxml2-0:2.9.7-13.el8_6.8" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2513", "cpe" : "cpe:/a:redhat:rhel_tus:8.6", "package" : "libxml2-0:2.9.7-13.el8_6.8" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2513", "cpe" : "cpe:/a:redhat:rhel_e4s:8.6", "package" : "libxml2-0:2.9.7-13.el8_6.8" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2507", "cpe" : "cpe:/a:redhat:rhel_eus:8.8", "package" : "libxml2-0:2.9.7-16.el8_8.7" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-03-12T00:00:00Z", "advisory" : "RHSA-2025:2679", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "libxml2-0:2.9.13-6.el9_5.2" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-03-12T00:00:00Z", "advisory" : "RHSA-2025:2679", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "libxml2-0:2.9.13-6.el9_5.2" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2483", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "libxml2-0:2.9.13-1.el9_0.4" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2482", "cpe" : "cpe:/a:redhat:rhel_eus:9.2", "package" : "libxml2-0:2.9.13-3.el9_2.6" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2025-03-12T00:00:00Z", "advisory" : "RHSA-2025:2678", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "libxml2-0:2.9.13-9.el9_4" }, { "product_name" : "Red Hat JBoss Core Services 2.4.62", "release_date" : "2025-04-02T00:00:00Z", "advisory" : "RHSA-2025:3453", "cpe" : "cpe:/a:redhat:jboss_core_services:1", "package" : "libxml2" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2025-04-10T00:00:00Z", "advisory" : "RHSA-2025:3573", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "rhcos-412.86.202503310142-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2025-04-17T00:00:00Z", "advisory" : "RHSA-2025:3780", "cpe" : "cpe:/a:redhat:openshift:4.13::el9", "package" : "rhcos-413.92.202504070146-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2025-04-09T00:00:00Z", "advisory" : "RHSA-2025:3569", "cpe" : "cpe:/a:redhat:openshift:4.14::el9", "package" : "rhcos-414.92.202504010153-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2025-03-26T00:00:00Z", "advisory" : "RHSA-2025:3055", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "rhcos-415.92.202503190057-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.16", "release_date" : "2025-04-03T00:00:00Z", "advisory" : "RHSA-2025:3301", "cpe" : "cpe:/a:redhat:openshift:4.16::el9", "package" : "rhcos-416.94.202503252048-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.17", "release_date" : "2025-04-03T00:00:00Z", "advisory" : "RHSA-2025:3297", "cpe" : "cpe:/a:redhat:openshift:4.17::el9", "package" : "rhcos-417.94.202503241418-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.18", "release_date" : "2025-04-16T00:00:00Z", "advisory" : "RHSA-2025:3775", "cpe" : "cpe:/a:redhat:openshift:4.18::el9", "package" : "rhcos-418.94.202504080525-0" }, { "product_name" : "Service Interconnect 1.4 for RHEL 9", "release_date" : "2025-06-30T00:00:00Z", "advisory" : "RHSA-2025:9895", "cpe" : "cpe:/a:redhat:service_interconnect:1.4::el9", "package" : "service-interconnect/skupper-config-sync-rhel9:1.4.8-1" }, { "product_name" : "Service Interconnect 1.4 for RHEL 9", "release_date" : "2025-06-30T00:00:00Z", "advisory" : "RHSA-2025:9895", "cpe" : "cpe:/a:redhat:service_interconnect:1.4::el9", "package" : "service-interconnect/skupper-flow-collector-rhel9:1.4.8-1" }, { "product_name" : "Service Interconnect 1.4 for RHEL 9", "release_date" : "2025-06-30T00:00:00Z", "advisory" : "RHSA-2025:9895", "cpe" : "cpe:/a:redhat:service_interconnect:1.4::el9", "package" : "service-interconnect/skupper-operator-bundle:1.4.8-1" }, { "product_name" : "Service Interconnect 1.4 for RHEL 9", "release_date" : "2025-06-30T00:00:00Z", "advisory" : "RHSA-2025:9895", "cpe" : "cpe:/a:redhat:service_interconnect:1.4::el9", "package" : "service-interconnect/skupper-router-rhel9:2.4.3-9" }, { "product_name" : "Service Interconnect 1.4 for RHEL 9", "release_date" : "2025-06-30T00:00:00Z", "advisory" : "RHSA-2025:9895", "cpe" : "cpe:/a:redhat:service_interconnect:1.4::el9", "package" : "service-interconnect/skupper-service-controller-rhel9:1.4.8-1" }, { "product_name" : "Service Interconnect 1.4 for RHEL 9", "release_date" : "2025-06-30T00:00:00Z", "advisory" : "RHSA-2025:9895", "cpe" : "cpe:/a:redhat:service_interconnect:1.4::el9", "package" : "service-interconnect/skupper-site-controller-rhel9:1.4.8-1" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2025-04-17T00:00:00Z", "advisory" : "RHSA-2025:4005", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-config-sync-rhel9:1.8.5-1" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2025-04-17T00:00:00Z", "advisory" : "RHSA-2025:4005", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-controller-podman-container-rhel9:1.8.5-1" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2025-04-17T00:00:00Z", "advisory" : "RHSA-2025:4005", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-controller-podman-rhel9:1.8.5-1" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2025-04-17T00:00:00Z", "advisory" : "RHSA-2025:4005", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-flow-collector-rhel9:1.8.5-1" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2025-04-17T00:00:00Z", "advisory" : "RHSA-2025:4005", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-operator-bundle:1.8.5-2" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2025-04-17T00:00:00Z", "advisory" : "RHSA-2025:4005", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-router-rhel9:2.7.5-2" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2025-04-17T00:00:00Z", "advisory" : "RHSA-2025:4005", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-service-controller-rhel9:1.8.5-1" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2025-04-17T00:00:00Z", "advisory" : "RHSA-2025:4005", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-site-controller-rhel9:1.8.5-1" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3368", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-data-science-pipelines-argo-argoexec-rhel8:sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3368", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8:sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3368", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-data-science-pipelines-operator-controller-rhel8:sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3368", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-kf-notebook-controller-rhel8:sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3368", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-kuberay-operator-controller-rhel8:sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3368", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-kueue-controller-rhel8:sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3368", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-mlmd-grpc-server-rhel8:sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3368", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-ml-pipelines-driver-rhel8:sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3368", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-ml-pipelines-launcher-rhel8:sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3368", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-model-controller-rhel8:sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3368", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-modelmesh-rhel8:sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3368", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-modelmesh-runtime-adapter-rhel8:sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3368", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-notebook-controller-rhel8:sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-31T00:00:00Z", "advisory" : "RHSA-2025:3397", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-data-science-pipelines-argo-argoexec-rhel8:sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-31T00:00:00Z", "advisory" : "RHSA-2025:3397", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8:sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-31T00:00:00Z", "advisory" : "RHSA-2025:3397", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-data-science-pipelines-operator-controller-rhel8:sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-31T00:00:00Z", "advisory" : "RHSA-2025:3397", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-kf-notebook-controller-rhel8:sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-31T00:00:00Z", "advisory" : "RHSA-2025:3397", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-kuberay-operator-controller-rhel8:sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-31T00:00:00Z", "advisory" : "RHSA-2025:3397", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-kueue-controller-rhel8:sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-31T00:00:00Z", "advisory" : "RHSA-2025:3397", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-mlmd-grpc-server-rhel8:sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-31T00:00:00Z", "advisory" : "RHSA-2025:3397", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-ml-pipelines-driver-rhel8:sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-31T00:00:00Z", "advisory" : "RHSA-2025:3397", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-ml-pipelines-launcher-rhel8:sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-31T00:00:00Z", "advisory" : "RHSA-2025:3397", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-model-controller-rhel8:sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-31T00:00:00Z", "advisory" : "RHSA-2025:3397", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-modelmesh-rhel8:sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-31T00:00:00Z", "advisory" : "RHSA-2025:3397", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-modelmesh-runtime-adapter-rhel8:sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-31T00:00:00Z", "advisory" : "RHSA-2025:3397", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-notebook-controller-rhel8:sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.5.1", "release_date" : "2025-03-13T00:00:00Z", "advisory" : "RHSA-2025:2789", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package" : "rhosdt/opentelemetry-collector-rhel8:sha256:12407a15fefa30bb851444d27b00e1815970ae085deca7c17537612ec9e4bff6" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.5.1", "release_date" : "2025-03-13T00:00:00Z", "advisory" : "RHSA-2025:2789", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package" : "rhosdt/opentelemetry-rhel8-operator:sha256:7e0320614f3be4e8bb1442d5890d2a6cebaf0a1038599d6afbf50daca91e1d65" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.5.1", "release_date" : "2025-03-13T00:00:00Z", "advisory" : "RHSA-2025:2789", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package" : "rhosdt/opentelemetry-target-allocator-rhel8:sha256:0742729985d0b1ce925bdaaa92c2bb42272902f4c2e93038c0fcf171c7baf03f" }, { "product_name" : "Red Hat Openshift Network Observability 1.8.1", "release_date" : "2025-04-14T00:00:00Z", "advisory" : "RHSA-2025:3867", "cpe" : "cpe:/a:redhat:network_observ_optr:1.8::el9", "package" : "network-observability/network-observability-rhel9-operator:sha256:3ff12a979feb3b4a2b69f5e7e253eebea703d334e295aefe36884d91e48dd901" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "libxml2", "cpe" : "cpe:/o:redhat:enterprise_linux:6" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-24928\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-24928\nhttps://gitlab.gnome.org/GNOME/libxml2/-/issues/847\nhttps://issues.oss-fuzz.com/issues/392687022" ], "name" : "CVE-2025-24928", "csaw" : false }