
CentOS 8 : libxml2 (CESA-2021:2569)

Description

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2569 advisory.

- libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)
- libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)
- libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)
- libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)
- libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

