Published: 14/05/2021 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

A vulnerability found in libxml2 in versions prior to 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xmlsoft libxml2
redhat enterprise linux 7.0
redhat enterprise linux 6.0
redhat jboss core services -
redhat enterprise linux 8.0
debian debian linux 9.0
fedoraproject fedora 33
fedoraproject fedora 34
netapp ontap select deploy administration utility -
netapp clustered data ontap -
netapp clustered data ontap antivirus connector -
netapp snapdrive -
netapp active iq unified manager -
netapp manageability software development kit -
netapp hci_h410c_firmware -
oracle peoplesoft enterprise peopletools 8.58
oracle enterprise manager base platform 13.4.0.0
oracle enterprise manager ops center 12.4.0.0
oracle openjdk 8
oracle enterprise manager base platform 13.5.0.0
oracle mysql workbench
oracle real user experience insight 13.4.1.0
oracle real user experience insight 13.5.1.0
oracle communications cloud native core network function cloud native environment 1.10.0

Debian Bug report logs - #988123 libxml2: CVE-2021-3537 Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 6 May 2021 07:54:01 UTC Severity: important Tags: security, upstream Foun ...

Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2437 SP11 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Updated packages that provide Red Hat JBoss Core Services Apache HTTP Server 2 ...

Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2437 SP11 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Apache HTTP Server 2437 Service Pack 11 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is availableRed Hat Product Securit ...

Synopsis Moderate: OpenShift Container Platform 4103 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4103 is now available withupdates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact of ...

Synopsis Important: Service Telemetry Framework 14 security update Type/Severity Security Advisory: Important Topic An update is now available for Service Telemetry Framework 14 for RHEL 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which g ...

There's a flaw in libxml2's xmllint An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free The greatest impact of this flaw is to confidentiality, integrity, and availability (CVE-2021-3516) There's a flaw in libxml2 An attacker who is able to submit a crafted file to be processed by an applic ...

parserc in libxml2 before 295 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name (CVE-2017-16931) GNOME project libxml2 v2910 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entitiesc The issue has been ...

No description is available for this CVE ...

It was found that libxml2 did not propagate errors while parsing XML mixed content, causing a NULL dereference If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application ...

Critical Infrastructure Sectors: Energy

Critical Infrastructure Sectors: Critical Manufacturing

CWE-476 https://bugzilla.redhat.com/show_bug.cgi?id=1956522 https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html https://security.netapp.com/advisory/ntap-20210625-0002/https://security.gentoo.org/glsa/202107-05 https://www.oracle.com/security-alerts/cpuoct2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988123 https://nvd.nist.gov https://www.cisa.gov/uscert/ics/advisories/icsa-21-336-06 https://alas.aws.amazon.com/AL2/ALAS-2021-1677.html

CVE-2021-3537

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect