Published: 18/05/2021 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

There's a flaw in libxml2 in versions prior to 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xmlsoft libxml2
debian debian linux 9.0
redhat jboss core services -
redhat enterprise linux 8.0
fedoraproject fedora 33
fedoraproject fedora 34
netapp ontap select deploy administration utility -
netapp clustered data ontap -
netapp clustered data ontap antivirus connector -
netapp snapdrive -
netapp active iq unified manager -
netapp manageability software development kit -
netapp hci_h410c_firmware -
oracle peoplesoft enterprise peopletools 8.58
oracle enterprise manager base platform 13.4.0.0
oracle enterprise manager ops center 12.4.0.0
oracle enterprise manager base platform 13.5.0.0
oracle mysql workbench
oracle real user experience insight 13.4.1.0
oracle real user experience insight 13.5.1.0
oracle communications cloud native core network function cloud native environment 1.10.0

Debian Bug report logs - #987737 libxml2: CVE-2021-3518 Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 28 Apr 2021 19:27:01 UTC Severity: important Tags: security, upstream Foun ...

Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2437 SP11 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Updated packages that provide Red Hat JBoss Core Services Apache HTTP Server 2 ...

Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2437 SP11 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Apache HTTP Server 2437 Service Pack 11 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is availableRed Hat Product Securit ...

Synopsis Moderate: OpenShift Container Platform 4103 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4103 is now available withupdates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact of ...

Synopsis Important: Service Telemetry Framework 14 security update Type/Severity Security Advisory: Important Topic An update is now available for Service Telemetry Framework 14 for RHEL 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which g ...

There's a flaw in libxml2's xmllint An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free The greatest impact of this flaw is to confidentiality, integrity, and availability (CVE-2021-3516) There's a flaw in libxml2 An attacker who is able to submit a crafted file to be processed by an applic ...

parserc in libxml2 before 295 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name (CVE-2017-16931) GNOME project libxml2 v2910 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entitiesc The issue has been ...

No description is available for this CVE ...

A use-after-free security issue was found in libxml2 in xmlXIncludeDoProcess() in xincludec when processing crafted files ...

Critical Infrastructure Sectors: Energy

Critical Infrastructure Sectors: Critical Manufacturing

Full Disclosure mailing list archives   By Date By Thread </form>    APPLE-SA-2021-07-21-1 iOS 147 and iPadOS 147   From: Apple Prod ...

CWE-416 https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html https://bugzilla.redhat.com/show_bug.cgi?id=1954242 https://security.netapp.com/advisory/ntap-20210625-0002/https://security.gentoo.org/glsa/202107-05 https://support.apple.com/kb/HT212604 https://support.apple.com/kb/HT212605 https://support.apple.com/kb/HT212602 https://support.apple.com/kb/HT212601 http://seclists.org/fulldisclosure/2021/Jul/55 http://seclists.org/fulldisclosure/2021/Jul/54 http://seclists.org/fulldisclosure/2021/Jul/58 http://seclists.org/fulldisclosure/2021/Jul/59 https://www.oracle.com/security-alerts/cpuoct2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987737 https://nvd.nist.gov https://www.cisa.gov/uscert/ics/advisories/icsa-21-336-06 https://alas.aws.amazon.com/AL2/ALAS-2021-1677.html

CVE-2021-3518

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect