Lucene search
RubySecRUBY:NOKOGIRI-2021-3518HistoryMay 23, 2022 - 9:00 p.m.
Nokogiri Implements libxml2 version vulnerable to use-after-free
2022-05-2321:00:00
RubySec
rubysec.com
11
nokogiri
libxml2
vulnerability
use-after-free
confidentiality
integrity
availability
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
There’s a flaw in libxml2 in versions before 2.9.11. An attacker
who is able to submit a crafted file to be processed by an application
linked with libxml2 could trigger a use-after-free. The greatest
impact from this flaw is to confidentiality, integrity, and availability.
Affected configurations
Node
rubynokogiri_gemRange<1.11.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ruby | nokogiri_gem | * | cpe:2.3:a:ruby:nokogiri_gem:*:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2021-05-18 12:15:00
cvelist
cvelist
CVE-2021-3518
2021-05-18 11:20:24
veracode
veracode
Remote Code Execution (RCE)
2021-05-08 15:20:45
ubuntucve
ubuntucve
CVE-2021-3518
2021-05-18 00:00:00
CVE-2020-24977
2020-09-04 00:00:00
alpinelinux
alpinelinux
CVE-2021-3518
2021-05-18 12:15:08
nvd
nvd
CVE-2021-3518
2021-05-18 12:15:08
ibm
ibm
redhatcve
redhatcve
CVE-2021-3518
2021-04-27 19:49:41
osv
osv
Nokogiri Implements libxml2 version vulnerable to use-after-free
2022-05-24 19:02:44
libxml2 - security update
2021-05-10 00:00:00
Moderate: libxml2 security update
2021-06-29 13:42:19
cbl_mariner
cbl_mariner
CVE-2021-3518 affecting package libxml2 2.9.10-4
2021-06-09 03:50:32
cve
cve
CVE-2021-3518
2021-05-18 12:15:08
github
github
Nokogiri Implements libxml2 version vulnerable to use-after-free
2022-05-24 19:02:44
Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.12
2021-05-17 20:52:05
debiancve
debiancve
CVE-2021-3518
2021-05-18 12:15:08
nessus
nessus
Oracle Enterprise Manager Ops Center UCE Patches (Oct 2021 CPU)
2023-01-20 00:00:00
SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2021:1523-1)
2021-05-07 00:00:00
Oracle MySQL Workbench < 8.0.27 Multiple Vulnerabilities (Oct 2021)
2021-10-28 00:00:00
suse
suse
Security update for libxml2 (moderate)
2021-05-09 00:00:00
Security update for libxml2 (important)
2021-05-22 00:00:00
amazon
amazon
Medium: libxml2
2021-07-01 01:03:00
Medium: libxml2
2023-04-27 16:19:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:1523-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for libxml2 (openSUSE-SU-2021:0692-1)
2021-05-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:1524-1)
2021-06-09 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: libxml2-2.9.10-12.fc34
2021-05-10 01:07:26
[SECURITY] Fedora 33 Update: libxml2-2.9.12-4.fc33
2021-06-14 01:22:50
mageia
mageia
Updated libxml2 packages fix security vulnerabilities
2021-05-19 22:29:59
photon
photon
Important Photon OS Security Update - PHSA-2021-0399
2021-05-31 00:00:00
Important Photon OS Security Update - PHSA-2021-0246
2021-06-02 00:00:00
Critical Photon OS Security Update - PHSA-2021-0035
2021-06-02 00:00:00
debian
debian
[SECURITY] [DLA 2653-1] libxml2 security update
2021-05-10 12:31:54
almalinux
almalinux
Moderate: libxml2 security update
2021-06-29 13:42:19
altlinux
altlinux
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.12-alt1
2021-06-15 00:00:00
redhat
redhat
(RHSA-2021:2569) Moderate: libxml2 security update
2021-06-29 13:42:19
oraclelinux
oraclelinux
libxml2 security update
2021-07-03 00:00:00
rocky
rocky
libxml2 security update
2021-06-29 13:42:19
gentoo
gentoo
libxml2: Multiple vulnerabilities
2021-07-06 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-3516, CVE-2021-3537, CVE-2017-8872, CVE-2021-3518, CVE-2019-20388, CVE-2020-24977, CVE-2021-3541, CVE-2021-3517
2021-12-28 13:15:15
Fix of 8 CVEs
2022-01-11 12:18:56
ubuntu
ubuntu
libxml2 vulnerabilities
2021-06-17 00:00:00
cloudfoundry
cloudfoundry
USN-4991-1: libxml2 vulnerabilities | Cloud Foundry
2021-07-08 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1905
2021-07-02 17:25:35
apple
apple
About the security content of tvOS 14.7
2021-07-19 00:00:00
About the security content of watchOS 7.6
2021-07-19 00:00:00
About the security content of iOS 14.7 and iPadOS 14.7
2021-07-19 00:00:00
ics
ics
Hitachi Energy APM Edge (Update A)
2022-10-18 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
threatpost
threatpost
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day
2021-07-22 16:18:25
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
oracle
oracle
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Related for RUBY:NOKOGIRI-2021-3518