Out-of-bounds

2021-05-1914:15:00

PRIOn knowledge base

www.prio-n.com

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

8.5 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.0%

JSON

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

CPENameOperatorVersion
debian_linuxeq9.0
fedoraeq33
fedoraeq34
e-series_santricity_os_controllerge11.0.0
e-series_santricity_os_controllerle11.70.1
communications_cloud_native_core_network_function_cloud_native_environmenteq1.10.0
enterprise_manager_base_platformeq13.4.0.0
enterprise_manager_base_platformeq13.5.0.0
mysql_workbenchle8.0.26
openjdkeq8 update301

Name	Operator	Version
debian_linux	eq	9.0
fedora	eq	33
fedora	eq	34
e-series_santricity_os_controller	ge	11.0.0
e-series_santricity_os_controller	le	11.70.1
communications_cloud_native_core_network_function_cloud_native_environment	eq	1.10.0
enterprise_manager_base_platform	eq	13.4.0.0
enterprise_manager_base_platform	eq	13.5.0.0
mysql_workbench	le	8.0.26
openjdk	eq	8 update301