AZL-74778

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74778.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-74778

Upstream

CVE-2026-0992

Published

2026-01-15T15:15:52Z

Modified

2026-04-21T04:38:47.908952Z

Summary

CVE-2026-0992 affecting package libxml2 for versions less than 2.10.4-10

Details

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-0992

Affected packages

Azure Linux:2 / libxml2

Package

Name: libxml2
Purl: pkg:rpm/azure-linux/libxml2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10.4-10

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74778.json"