Lucene search

K
cloudlinuxCloudLinuxCLSA-2021:1640697315
HistoryDec 28, 2021 - 1:15 p.m.

Fix of CVE: CVE-2021-3516, CVE-2021-3537, CVE-2017-8872, CVE-2021-3518, CVE-2019-20388, CVE-2020-24977, CVE-2021-3541, CVE-2021-3517

2021-12-2813:15:15
repo.cloudlinux.com
34

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.4%

  • CVE-2021-3517.patch: validate UTF8 in xmlEncodeEntities
  • CVE-2021-3518.patch: fix user-after-free with ‘xmllint --xinclude --dropdtd’
  • CVE-2021-3537.patch: propagate error in xmlParseElementChildrenContentDeclPriv
  • CVE-2021-3541.patch: parser fix for the billion laughs attack
  • CVE-2021-3516.patch: fix use-after-free with ‘xmllint --html --push’
  • CVE-2017-8872.patch: free input buffer in xmlHaltParser
  • CVE-2019-20388.patch: fix memory leak in xmlSchemaValidateStream
  • CVE-2020-24977.patch: fix out-of-bounds read with ‘xmllint --htmlout’

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.4%