Impact
A flaw in libxml2's xmlBuildQName function causes an integer overflow during buffer size calculation, which in turn leads to a stack-based buffer overflow. When maliciously crafted XML is processed, the overflow can corrupt stack memory or trigger a denial of service by crashing the parsing process. The impact is memory corruption that can terminate services or, in the worst case, let an attacker influence control flow through an overwritten return address, though no remote code execution has been demonstrated.
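To make the mechanism concrete, the following added example (hypothetical illustration written for this page, not libxml2's own code) shows how an integer overflow in a "needed length" computation defeats a fixed-buffer size check, and the overflow-checked form that a fix of this class uses. The function names, the 100-byte buffer and the sample inputs are all assumptions constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>
#include <limits.h>

/* Hypothetical QName builder (not libxml2's code): writes "prefix:ncname"
 * into a caller-supplied fixed buffer. The size check is shown two ways:
 * with wrapping unsigned arithmetic, which an integer overflow defeats,
 * and with overflow-checked arithmetic that reports the error instead. */

#define QNAME_BUF 100   /* constructed stack buffer size for the demo */

/* Naive needed-length computation: 32-bit unsigned arithmetic wraps modulo
 * 2^32, so huge inputs can yield a small "needed" value that passes a
 * buffer check and lets the later copy run past the buffer. */
static unsigned int naive_needed(unsigned int lenn, unsigned int lenp) {
    return lenn + lenp + 2;   /* wraps for large lenn/lenp */
}

/* Returns 1 when a buffer of 'cap' bytes would be accepted by the naive
 * check, i.e. when the wrapped value is misleadingly small. */
static int naive_check_passes(unsigned int lenn, unsigned int lenp,
                              unsigned int cap) {
    return naive_needed(lenn, lenp) <= cap;
}

/* Hardened variant: compute lenn + lenp + 2 with explicit overflow
 * detection (GCC/Clang builtin); returns -1 on overflow, 0 otherwise. */
static int checked_needed(size_t lenn, size_t lenp, size_t *out) {
    size_t sum;
    if (__builtin_add_overflow(lenn, lenp, &sum)) return -1;
    if (__builtin_add_overflow(sum, 2, &sum)) return -1;
    *out = sum;
    return 0;
}

/* Builds "prefix:ncname" into dst[cap] only when the checked size fits.
 * Returns 0 on success, -1 on overflow or insufficient space. */
static int build_qname_safe(const char *ncname, const char *prefix,
                            char *dst, size_t cap) {
    size_t lenn = strlen(ncname), lenp = strlen(prefix), needed;
    if (checked_needed(lenn, lenp, &needed) != 0 || needed > cap) return -1;
    memcpy(dst, prefix, lenp);
    dst[lenp] = ':';
    memcpy(dst + lenp + 1, ncname, lenn);
    dst[lenp + 1 + lenn] = '\0';
    return 0;
}

int main(void) {
    char buf[QNAME_BUF];
    size_t needed;

    /* Wrapped arithmetic: (2^32 - 1) + 10 + 2 wraps to 11, so the naive
     * check accepts a 100-byte buffer for an impossibly large name. */
    printf("naive check passes for huge input: %d\n",
           naive_check_passes(UINT_MAX, 10u, QNAME_BUF));

    /* Checked arithmetic refuses the same situation. */
    printf("checked_needed on huge input: %d\n",
           checked_needed(SIZE_MAX, 10, &needed));

    /* Normal input still works. */
    if (build_qname_safe("local", "ns", buf, sizeof buf) == 0)
        printf("built: %s\n", buf);
    return 0;
}
```

The defensive point is that the size check and the copy must agree on a value that cannot wrap; computing the length in a wider type without an overflow check merely moves the problem, whereas rejecting overflow outright turns a memory-corruption bug into a clean parse error.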
Affected Systems
Red Hat products that ship libxml2 are affected, including all supported RHEL releases from 6 through 10 and their extended-lifecycle streams (e.g., RHEL 8, RHEL 9, RHEL 8.2, 8.4, 8.6, 9.0, 9.2, 9.4 and 9.6, together with their EUS/TS variants). The flaw also affects Red Hat Discovery 2, Red Hat Hardened Images, Red Hat Insights Proxy 1.5, Red Hat JBoss Core Services 2.4.62.SP2, and every OpenShift Container Platform release from 4.12 through 4.19 on all supported architectures. Because libxml2 is used internally by many Red Hat applications, any of the above products that parse XML without input validation are susceptible.
Risk and Exploitability
The CVSS score of 7.5 indicates a high-severity vulnerability, and an EPSS score of 2% shows that, while the likelihood of exploitation is currently low, it is not negligible. The flaw is not listed in the CISA KEV catalog, suggesting no confirmed widespread exploitation at this time. The likely attack vector is any component that accepts externally supplied XML, such as web services, configuration files, or message queues. An attacker would need the ability to supply crafted XML to trigger the overflow; whether exploitation is local or remote depends on the context of the vulnerable service. Given the nature of the overflow, a denial-of-service outcome is the most certain result, but the potential for memory corruption could allow privilege escalation if the attacker can influence the corrupted stack contents.
OpenCVE Enrichment