Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2021-3516

Published: 01/06/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Xmlsoft

Vulnerability Summary

There's a flaw in libxml2's xmllint in versions prior to 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

xmlsoft xmllint

debian debian linux 9.0

fedoraproject fedora 33

fedoraproject fedora 34

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat jboss core services -

redhat enterprise linux 8.0

netapp ontap select deploy administration utility -

netapp clustered data ontap -

netapp clustered data ontap antivirus connector -

oracle zfs storage appliance kit 8.8

Vendor Advisories

Debian CVElist Bug Report Logs: libxml2: CVE-2021-3516
Debian Bug report logs - #987739 libxml2: CVE-2021-3516 Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 28 Apr 2021 19:33:02 UTC Severity: important Tags: security, upstream Foun ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2437 SP11 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Updated packages that provide Red Hat JBoss Core Services Apache HTTP Server 2 ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2437 SP11 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Apache HTTP Server 2437 Service Pack 11 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is availableRed Hat Product Securit ...
Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update
Synopsis Moderate: OpenShift Container Platform 4103 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4103 is now available withupdates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact of ...
Red Hat: Important: Service Telemetry Framework 1.4 security update
Synopsis Important: Service Telemetry Framework 14 security update Type/Severity Security Advisory: Important Topic An update is now available for Service Telemetry Framework 14 for RHEL 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which g ...
Amazon Linux 2: ALAS2-2021-1677
There's a flaw in libxml2's xmllint An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free The greatest impact of this flaw is to confidentiality, integrity, and availability (CVE-2021-3516) There's a flaw in libxml2 An attacker who is able to submit a crafted file to be processed by an applic ...
Amazon Linux AMI: ALAS-2023-1743
parserc in libxml2 before 295 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name (CVE-2017-16931) GNOME project libxml2 v2910 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entitiesc The issue has been ...
Red Hat: CVE-2021-3516
No description is available for this CVE ...
Arch Linux Issues:
A use-after-free security issue was found libxml2 when "xmllint --html --push" is used to process crafted files ...

ICS Advisories

Hitachi Energy APM Edge
Critical Infrastructure Sectors: Energy
https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-416https://bugzilla.redhat.com/show_bug.cgi?id=1954225https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539https://gitlab.gnome.org/GNOME/libxml2/-/issues/230https://lists.debian.org/debian-lts-announce/2021/05/msg00008.htmlhttps://security.gentoo.org/glsa/202107-05https://security.netapp.com/advisory/ntap-20210716-0005/https://www.oracle.com/security-alerts/cpujan2022.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987739https://nvd.nist.govhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-336-06https://alas.aws.amazon.com/AL2/ALAS-2021-1677.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook