View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2026-0992 severity moderate: SUSE including 324 source package names (1.1.1-1.29:libxml2-2-2.12.10-150700.4.11.1, 13.2-9.72:libopenssl3-3.1.4-8.1, …), 588 product×package rows across 140 product lines (Container private-registry/harbor-portal, Container suse/ltss/sle12.5/sles12sp5, … (140 product lines)): Fixed 348, Known Affected 231, First Fixed 9.
A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.