CVE-2021-3517

 

Published at: - 19-05-2021 04:15

Last modified: - 25-07-2022 08:16

Total changes: - 17

Description

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

 

Verification logic

 

Reference

• https://bugzilla.redhat.com/show_bug.cgi?id=1954232
• FEDORA-2021-e3ed1ba38b-Mailing List, Third Party Advisory
• [debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update-Mailing List, Third Party Advisory
• FEDORA-2021-b950000d2b-Mailing List, Third Party Advisory
• https://security.netapp.com/advisory/ntap-20210625-0002/
• [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8-Third Party Advisory
• [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8-Third Party Advisory
• GLSA-202107-05-Third Party Advisory
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://security.netapp.com/advisory/ntap-20211022-0004/
• https://www.oracle.com/security-alerts/cpujan2022.html
• https://www.oracle.com/security-alerts/cpuapr2022.html
• N/A-

 

Keywords

NVD

 

CVE-2021-3517

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures