There is a flaw in the xml entity encoding functionality of libxml2 in versions prior to 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xmlsoft libxml2 |
||
redhat jboss core services - |
||
redhat enterprise linux 8.0 |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |
||
debian debian linux 9.0 |
||
netapp snapmanager - |
||
netapp oncommand workflow automation - |
||
netapp oncommand insight - |
||
netapp ontap select deploy administration utility - |
||
netapp clustered data ontap - |
||
netapp e-series santricity storage manager - |
||
netapp clustered data ontap antivirus connector - |
||
netapp snapdrive - |
||
netapp solidfire - |
||
netapp hci management node - |
||
netapp active iq unified manager - |
||
netapp santricity unified manager - |
||
netapp manageability software development kit - |
||
netapp e-series santricity web services - |
||
netapp e-series santricity os controller |
||
netapp hci_h410c_firmware - |
||
oracle peoplesoft enterprise peopletools 8.58 |
||
oracle enterprise manager base platform 13.4.0.0 |
||
oracle zfs storage appliance kit 8.8 |
||
oracle openjdk 8 |
||
oracle enterprise manager base platform 13.5.0.0 |
||
oracle mysql workbench |
||
oracle real user experience insight 13.4.1.0 |
||
oracle real user experience insight 13.5.1.0 |
||
oracle communications cloud native core network function cloud native environment 1.10.0 |