CVE-2026-0990

{"id": "CVE-2026-0990", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2026-01-15T15:15:52.503", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:7519", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2026-0990", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429959", "source": "secalert@redhat.com"}, {"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018", "source": "secalert@redhat.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-674"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en libxml2, una biblioteca de an\u00e1lisis XML. Esta vulnerabilidad de recursi\u00f3n incontrolada ocurre en la funci\u00f3n xmlCatalogXMLResolveURI cuando un cat\u00e1logo XML contiene una entrada URI delegada que se referencia a s\u00ed misma. Un atacante remoto podr\u00eda explotar este problema dependiente de la configuraci\u00f3n al proporcionar un cat\u00e1logo XML especialmente dise\u00f1ado, lo que lleva a una recursi\u00f3n infinita y al agotamiento de la pila de llamadas. Esto finalmente resulta en una falla de segmentaci\u00f3n, causando una denegaci\u00f3n de servicio (DoS) al bloquear las aplicaciones afectadas."}], "lastModified": "2026-04-22T10:16:50.113", "sourceIdentifier": "secalert@redhat.com"}