There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

🗓️ 26 May 2021 07:00:00Reported by MicrosoftType

Libxml2 pre-2.9.11 xml entity encoding flaw can trigger out-of-bounds read from crafted files, affecting availability.

Reporter	Title	Published	Views	Family All 241
IBM Security Bulletins	Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in Libxml2	7 Dec 202323:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in Libxml2	7 Dec 202323:00	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs	19 Oct 202115:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities fixed in Cloud Pak for Automation components	19 Jan 202216:26	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Verify Access	7 Jan 202200:24	–	ibm
Tenable Nessus	Amazon Linux 2 : libxml2 (ALAS-2021-1662)	4 Jan 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : java-11-amazon-corretto (ALAS-2021-1718)	5 Nov 202100:00	–	nessus
Tenable Nessus	Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2024-012)	31 May 202400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : libxml2 (ALAS-2023-1743)	4 May 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0047: libxml2 (ALINUX3-SA-2021:0047)	14 May 202500:00	–	nessus

Vulners

Node

26 May 2021 07:00Current

7High risk

Vulners AI Score7

CVSS 27.5

CVSS 3.18.6

EPSS0.00107

SSVC