A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

CNA Affected

[
  {
    "product": "libxml2",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "libxml2 2.9.11"
      }
    ]
  }
]

References

bugzilla.redhat.com/show_bug.cgi?id=1956522

lists.debian.org/debian-lts-announce/2021/05/msg00008.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

security.gentoo.org/glsa/202107-05

security.netapp.com/advisory/ntap-20210625-0002/

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujul2022.html

www.oracle.com/security-alerts/cpuoct2021.html

redhatcve 1

attackerkb 1

ubuntucve 1

prion 1

veracode 1

cbl_mariner 1

alpinelinux 1

nvd 1

cve 1

osv 7

github 2

debiancve 1

nessus 37

openvas 23

ibm 6

amazon 2

fedora 2

suse 1

debian 1

mageia 1

photon 6

redhat 14

altlinux 1

almalinux 1

oraclelinux 1

rocky 1

gentoo 1

cloudlinux 2

ubuntu 1

cloudfoundry 1

rosalinux 1

ics 2

tenable 1

oracle 4

redhatcve

CVE-2021-3537

2021-05-05 19:49:32

attackerkb

CVE-2021-3537

2021-05-14 00:00:00

ubuntucve

CVE-2021-3537

2021-05-14 00:00:00

prion

Design/Logic Flaw

2021-05-14 20:15:00

veracode

Denial Of Service (DoS)

2021-05-08 14:26:04

cbl_mariner

CVE-2021-3537 affecting package libxml2 2.9.10-4

2021-06-09 03:50:32

alpinelinux

CVE-2021-3537

2021-05-14 20:15:16

nvd

CVE-2021-3537

2021-05-14 20:15:16

cve

CVE-2021-3537

2021-05-14 20:15:16

osv

Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing

2022-05-24 19:02:26

libxml2 - security update

2021-05-10 00:00:00

Moderate: libxml2 security update

2021-06-29 13:42:19

github

Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing

2022-05-24 19:02:26

Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.12

2021-05-17 20:52:05

debiancve

CVE-2021-3537

2021-05-14 20:15:16

nessus

EulerOS Virtualization 2.9.0 : libxml2 (EulerOS-SA-2021-2193)

2021-07-13 00:00:00

EulerOS Virtualization 2.9.1 : libxml2 (EulerOS-SA-2021-2185)

2021-07-13 00:00:00

Photon OS 2.0: Libxml2 PHSA-2021-2.0-0351

2021-06-10 00:00:00

openvas

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2021-2185)

2021-07-13 00:00:00

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2021-2193)

2021-07-13 00:00:00

Fedora: Security Advisory for libxml2 (FEDORA-2021-e3ed1ba38b)

2021-05-13 00:00:00

ibm

Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in Libxml2

2023-12-07 23:00:02

Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in Libxml2

2023-12-07 23:00:02

Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Verify Access

2022-01-07 00:24:27

amazon

Medium: libxml2

2021-07-01 01:03:00

Medium: libxml2

2023-04-27 16:19:00

fedora

[SECURITY] Fedora 34 Update: libxml2-2.9.10-12.fc34

2021-05-10 01:07:26

[SECURITY] Fedora 33 Update: libxml2-2.9.12-4.fc33

2021-06-14 01:22:50

suse

Security update for libxml2 (important)

2021-05-22 00:00:00

debian

[SECURITY] [DLA 2653-1] libxml2 security update

2021-05-10 12:31:54

mageia

Updated libxml2 packages fix security vulnerabilities

2021-05-19 22:29:59

photon

Important Photon OS Security Update - PHSA-2021-0399

2021-05-31 00:00:00

Important Photon OS Security Update - PHSA-2021-0246

2021-06-02 00:00:00

Critical Photon OS Security Update - PHSA-2021-0035

2021-06-02 00:00:00

redhat

(RHSA-2021:2569) Moderate: libxml2 security update

2021-06-29 13:42:19

(RHSA-2022:1390) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update

2022-04-20 19:26:37

(RHSA-2022:1389) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update

2022-04-20 19:26:07

altlinux

Security fix for the ALT Linux 10 package libxml2 version 1:2.9.12-alt1

2021-06-15 00:00:00

almalinux

Moderate: libxml2 security update

2021-06-29 13:42:19

oraclelinux

libxml2 security update

2021-07-03 00:00:00

rocky

libxml2 security update

2021-06-29 13:42:19

gentoo

libxml2: Multiple vulnerabilities

2021-07-06 00:00:00

cloudlinux

Fix of 8 CVEs

2022-01-11 12:18:56

Fix of CVE: CVE-2021-3516, CVE-2021-3537, CVE-2017-8872, CVE-2021-3518, CVE-2019-20388, CVE-2020-24977, CVE-2021-3541, CVE-2021-3517

2021-12-28 13:15:15

ubuntu

libxml2 vulnerabilities

2021-06-17 00:00:00

cloudfoundry

USN-4991-1: libxml2 vulnerabilities | Cloud Foundry

2021-07-08 00:00:00

rosalinux

Advisory ROSA-SA-2021-1905

2021-07-02 17:25:35

ics

Hitachi Energy APM Edge (Update A)

2022-10-18 12:00:00

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

oracle

Oracle Critical Patch Update Advisory - October 2022

2022-10-18 00:00:00

Oracle Critical Patch Update Advisory - October 2021

2021-10-19 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.2 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.5%

JSON

Related for CVELIST:CVE-2021-3537