关键漏洞信息 CVE编号: CVE-2026-0989 Bug ID: 2429933 漏洞类型: Uncontrolled recursion 组件: libxml2 影响: Stack overflow and application crash, leading to denial of service 根本原因: Absence of limits on recursive directive resolution in libxml2's RelaxNG include handling logic 受影响的环境: Linux systems using libxml2 报告日期: 2026-01-15 12:53 UTC 修改日期: 2026-01-15 13:48 UTC 关键描述 问题描述: Uncontrolled recursion vulnerability in the RelaxNG include handling logic of the libxml2 XML parsing library. Processing deeply nested chains of included RelaxNG schema files leads to unbounded recursion, depleting the system call stack and causing a stack overflow and application crash, resulting in a denial of service. 附加信息 相关Bug编号: 2429936, 2429937, 2429938, 2429939, 2429940, 2429941, 2429942, 2429943, 2429944, 2429945, 2429946, 2429947 状态: NEW 优先级: Low 严重性: Low