CVE-2021-3517

🗓️ 19 May 2021 13:45:00Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 9 Media mentions👁 564 Views

Flaw in xml entity encoding of libxml2 v2.9.11, allows crafted file to trigger out-of-bounds rea

Reporter	Title	Published	Views	Family All 241
IBM Security Bulletins	Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in Libxml2	7 Dec 202323:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in Libxml2	7 Dec 202323:00	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs	19 Oct 202115:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities fixed in Cloud Pak for Automation components	19 Jan 202216:26	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Verify Access	7 Jan 202200:24	–	ibm
Tenable Nessus	Amazon Linux 2 : libxml2 (ALAS-2021-1662)	4 Jan 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : java-11-amazon-corretto (ALAS-2021-1718)	5 Nov 202100:00	–	nessus
Tenable Nessus	Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2024-012)	31 May 202400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : libxml2 (ALAS-2023-1743)	4 May 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0047: libxml2 (ALINUX3-SA-2021:0047)	14 May 202500:00	–	nessus

NVD

Vulners

Node

xmlsoft libxml2Range<2.9.11

Node

redhat jboss_core_servicesMatch-

redhat enterprise_linuxMatch8.0

Node

fedoraproject fedoraMatch33

fedoraproject fedoraMatch34

Node

debian debian_linuxMatch9.0

Node

netapp active_iq_unified_managerMatch-vmware_vsphere

netapp active_iq_unified_managerMatch-windows

netapp clustered_data_ontapMatch-

netapp clustered_data_ontap_antivirus_connectorMatch-

netapp e-series_santricity_os_controllerRange11.0.0–11.70.1

netapp e-series_santricity_storage_managerMatch-

netapp e-series_santricity_web_servicesMatch-web_services_proxy

netapp hci_management_nodeMatch-

netapp manageability_software_development_kitMatch-

netapp oncommand_insightMatch-

netapp oncommand_workflow_automationMatch-

netapp ontap_select_deploy_administration_utilityMatch-

netapp santricity_unified_managerMatch-

netapp snapdriveMatch-windows

netapp snapmanagerMatch-oracle

netapp snapmanagerMatch-sap

netapp solidfireMatch-

Node

netapp hci_h410c_firmwareMatch-

AND

netapp hci_h410cMatch-

Node

oracle communications_cloud_native_core_network_function_cloud_native_environmentMatch1.10.0

oracle enterprise_manager_base_platformMatch13.4.0.0

oracle enterprise_manager_base_platformMatch13.5.0.0

oracle mysql_workbenchRange≤8.0.26

oracle openjdkMatch8update301

oracle peoplesoft_enterprise_peopletoolsMatch8.58

oracle real_user_experience_insightMatch13.4.1.0

oracle real_user_experience_insightMatch13.5.1.0

oracle zfs_storage_appliance_kitMatch8.8

[
  {
    "product": "libxml2",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "libxml2 2.9.11"
      }
    ]
  }
]

Source	Link
security	www.security.netapp.com/advisory/ntap-20210625-0002/
oracle	www.oracle.com/security-alerts/cpuapr2022.html
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
lists	www.lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
security	www.security.gentoo.org/glsa/202107-05
oracle	www.oracle.com/security-alerts/cpujan2022.html
oracle	www.oracle.com/security-alerts/cpujul2022.html
security	www.security.netapp.com/advisory/ntap-20211022-0004/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

02 Dec 2025 22:16Current

8.4High risk

Vulners AI Score8.4

CVSS 27.5

CVSS 3.18.6

EPSS0.00107

SSVC