CVE-2026-1757

{"id": "CVE-2026-1757", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}]}, "published": "2026-02-02T13:15:58.580", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:7519", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2026-1757", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435940", "source": "secalert@redhat.com"}, {"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009", "source": "secalert@redhat.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system."}, {"lang": "es", "value": "Se identific\u00f3 una falla en la shell interactiva de la utilidad xmllint, parte del proyecto libxml2, donde la memoria asignada para la entrada del usuario no se libera correctamente bajo ciertas condiciones. Cuando un usuario env\u00eda una entrada que consiste \u00fanicamente en espacios en blanco, el programa omite la ejecuci\u00f3n del comando pero no libera el b\u00fafer asignado. Repetir esta acci\u00f3n provoca que la memoria se acumule continuamente. Con el tiempo, esto puede agotar la memoria del sistema y terminar el proceso xmllint, creando una condici\u00f3n de denegaci\u00f3n de servicio en el sistema local."}], "lastModified": "2026-04-22T10:16:50.683", "sourceIdentifier": "secalert@redhat.com"}