Lucene search

K

GoogleOSV:CVE-2021-3518

HistoryMay 18, 2021 - 12:15 p.m.

CVE-2021-3518

2021-05-1812:15:08

Google

osv.dev

14

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.046 Low

EPSS

Percentile

92.4%

There’s a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

CPENameOperatorVersion
libxml2eq2.9.10-r2
libxml2eqLIBXML2_2_6_22
libxml2eq2.7.7-r3
libxml2eqCVE-2016-1834
libxml2eqLIBXML2_2_6_13
libxml2eqLIBXML_2_5_3
libxml2eqCVE-2021-3541
libxml2eq2.9.8
libxml2eqLIBXML_2_4_22
libxml2eqLIBXML_2_0_0

Rows per page:

1-10 of 2331

References

seclists.org/fulldisclosure/2021/Jul/54

seclists.org/fulldisclosure/2021/Jul/55

seclists.org/fulldisclosure/2021/Jul/58

seclists.org/fulldisclosure/2021/Jul/59

bugzilla.redhat.com/show_bug.cgi?id=1954242

lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

lists.debian.org/debian-lts-announce/2021/05/msg00008.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

security.gentoo.org/glsa/202107-05

security.netapp.com/advisory/ntap-20210625-0002/

support.apple.com/kb/HT212601

support.apple.com/kb/HT212602

support.apple.com/kb/HT212604

support.apple.com/kb/HT212605

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujul2022.html

www.oracle.com/security-alerts/cpuoct2021.html

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.046 Low

EPSS

Percentile

92.4%

Related for OSV:CVE-2021-3518