CVE-2021-3518

🗓️ 18 May 2021 11:20:24Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 438 Views

Flaw in libxml2 pre-2.9.11 allows crafted file processing triggering use-after-free

Reporter	Title	Published	Views	Family All 242
IBM Security Bulletins	Security Bulletin: libXml2 used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2021-3518)	15 Sep 202122:14	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs	19 Oct 202115:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities fixed in Cloud Pak for Automation components	19 Jan 202216:26	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in IBM Java Runtime and libxml2 affecting Tivoli Netcool/OMNIbus (Multiple CVEs)	30 Sep 202112:44	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Verify Access	7 Jan 202200:24	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities	5 May 202316:01	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Analytics System [CVE-2021-3518]	27 Sep 202409:49	–	ibm
Tenable Nessus	Amazon Linux 2 : libxml2 (ALAS-2021-1677)	1 Jul 202100:00	–	nessus
Tenable Nessus	Amazon Linux AMI : libxml2 (ALAS-2023-1743)	4 May 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0047: libxml2 (ALINUX3-SA-2021:0047)	14 May 202500:00	–	nessus

NVD

Vulners

Node

xmlsoft libxml2Range<2.9.11

Node

debian debian_linuxMatch9.0

Node

redhat jboss_core_servicesMatch-

redhat enterprise_linuxMatch8.0

Node

fedoraproject fedoraMatch33

fedoraproject fedoraMatch34

Node

netapp active_iq_unified_managerMatch-vmware_vsphere

netapp clustered_data_ontapMatch-

netapp clustered_data_ontap_antivirus_connectorMatch-

netapp manageability_software_development_kitMatch-

netapp ontap_select_deploy_administration_utilityMatch-

netapp snapdriveMatch-windows

Node

netapp hci_h410c_firmwareMatch-

AND

netapp hci_h410cMatch-

Node

oracle communications_cloud_native_core_network_function_cloud_native_environmentMatch1.10.0

oracle enterprise_manager_base_platformMatch13.4.0.0

oracle enterprise_manager_base_platformMatch13.5.0.0

oracle enterprise_manager_ops_centerMatch12.4.0.0

oracle mysql_workbenchRange≤8.0.26

oracle peoplesoft_enterprise_peopletoolsMatch8.58

oracle real_user_experience_insightMatch13.4.1.0

oracle real_user_experience_insightMatch13.5.1.0

[
  {
    "product": "libxml2",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "libxml2 2.9.11"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
seclists	www.seclists.org/fulldisclosure/2021/Jul/58
security	www.security.netapp.com/advisory/ntap-20210625-0002/
seclists	www.seclists.org/fulldisclosure/2021/Jul/54
oracle	www.oracle.com/security-alerts/cpuoct2021.html
seclists	www.seclists.org/fulldisclosure/2021/Jul/59
lists	www.lists.debian.org/debian-lts-announce/2021/05/msg00008.html
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
security	www.security.gentoo.org/glsa/202107-05
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

21 Nov 2024 06:21Current

8.4High risk

Vulners AI Score8.4

CVSS 26.8

CVSS 3.18.8

EPSS0.03653

CWE-416