There is a flaw in the XML entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Affected Software

| CPE Name | Name | Version |
|---|---|---|
| xmlsoft:libxml2 | xmlsoft libxml2 | 2.9.11 |
| redhat:jboss_core_services | redhat jboss core services | - |
| redhat:enterprise_linux | redhat enterprise linux | 8.0 |
| fedoraproject:fedora | fedoraproject fedora | 33 |
| fedoraproject:fedora | fedoraproject fedora | 34 |
| debian:debian_linux | debian debian linux | 9.0 |
| netapp:snapmanager | netapp snapmanager | - |
| netapp:oncommand_workflow_automation | netapp oncommand workflow automation | - |
| netapp:oncommand_insight | netapp oncommand insight | - |
| netapp:ontap_select_deploy_administration_utility | netapp ontap select deploy administration utility | - |
| netapp:clustered_data_ontap | netapp clustered data ontap | - |
| netapp:e-series_santricity_storage_manager | netapp e-series santricity storage manager | - |
| netapp:clustered_data_ontap_antivirus_connector | netapp clustered data ontap antivirus connector | - |
| netapp:snapdrive | netapp snapdrive | - |
| netapp:solidfire | netapp solidfire | - |
| netapp:hci_management_node | netapp hci management node | - |
| netapp:active_iq_unified_manager | netapp active iq unified manager | - |
| netapp:santricity_unified_manager | netapp santricity unified manager | - |
| netapp:manageability_software_development_kit | netapp manageability software development kit | - |
| netapp:e-series_santricity_web_services | netapp e-series santricity web services | - |
| netapp:e-series_santricity_os_controller | netapp e-series santricity os controller | 11.70.1 |
| netapp:hci_h410c_firmware | netapp hci h410c firmware | - |
| oracle:peoplesoft_enterprise_peopletools | oracle peoplesoft enterprise peopletools | 8.58 |
| oracle:enterprise_manager_base_platform | oracle enterprise manager base platform | |
| oracle:zfs_storage_appliance_kit | oracle zfs storage appliance kit | 8.8 |
| oracle:openjdk | oracle openjdk | 8 |
| oracle:enterprise_manager_base_platform | oracle enterprise manager base platform | |
| oracle:mysql_workbench | oracle mysql workbench | 8.0.26 |
| oracle:real_user_experience_insight | oracle real user experience insight | |
| oracle:real_user_experience_insight | oracle real user experience insight | |
| oracle:communications_cloud_native_core_network_function_cloud_native_environment | oracle communications cloud native core network function cloud native environment | 1.10.0 |