Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2021-3517
HistoryMay 19, 2021 - 12:00 a.m.

CVE-2021-3517

2021-05-1900:00:00
ubuntu.com
ubuntu.com
43

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.2%

JSON

There is a flaw in the xml entity encoding functionality of libxml2 in
versions before 2.9.11. An attacker who is able to supply a crafted file to
be processed by an application linked with the affected functionality of
libxml2 could trigger an out-of-bounds read. The most likely impact of this
flaw is to application availability, with some potential impact to
confidentiality and integrity if an attacker is able to use memory
information to further exploit the application.

Bugs

Notes

Author Note
ccdm94 same patch as the one for CVE-2020-24977. As per a comment made by upstream in issue 235 (related to this CVE) both the issues fixed by bf22713507 are caused by the same underlying problem.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlibxml2< 2.9.4+dfsg1-6.1ubuntu1.4UNKNOWN
ubuntu20.04noarchlibxml2< 2.9.10+dfsg-5ubuntu0.20.04.1UNKNOWN
ubuntu20.10noarchlibxml2< 2.9.10+dfsg-5ubuntu0.20.10.2UNKNOWN
ubuntu21.04noarchlibxml2< 2.9.10+dfsg-6.3ubuntu0.1UNKNOWN
ubuntu14.04noarchlibxml2< 2.9.1+dfsg1-3ubuntu4.13+esm2) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu16.04noarchlibxml2< 2.9.3+dfsg1-1ubuntu0.7+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN

Related

nessus 67
ics 1
amazon 2
veracode 2
fedora 12
openvas 53
cve 2
redhat 3
redhatcve 2
mageia 2
oraclelinux 2
suse 4
debiancve 2
prion 2
osv 8
alpinelinux 2
cbl_mariner 2
almalinux 2
rocky 2
github 2
gentoo 1
ubuntucve 1
ibm 3
cloudlinux 2
cloudfoundry 1
ubuntu 1
altlinux 3
archlinux 1
freebsd 1
debian 2
photon 7
f5 1
rosalinux 1
nessus
nessus
Amazon Linux 2 : libxml2 (ALAS-2021-1662)
2023-01-04 00:00:00
EulerOS Virtualization 2.9.0 : libxml2 (EulerOS-SA-2021-1661)
2021-03-11 00:00:00
EulerOS Virtualization 3.0.2.6 : libxml2 (EulerOS-SA-2021-1415)
2021-03-10 00:00:00
ics
ics
Hitachi Energy RTU500 series
2021-12-02 12:00:00
amazon
amazon
Medium: libxml2
2021-06-16 20:37:00
Medium: libxml2
2023-04-27 16:19:00
veracode
veracode
Arbitrary Code Execution
2020-09-07 03:15:00
Denial Of Service (DoS)
2021-05-08 15:22:34
fedora
fedora
[SECURITY] Fedora 33 Update: libxml2-2.9.10-7.fc33
2020-09-25 17:19:44
[SECURITY] Fedora 32 Update: mingw-libxml2-2.9.10-8.fc32
2020-11-20 01:28:00
[SECURITY] Fedora 33 Update: mingw-libxml2-2.9.10-8.fc33
2020-11-20 01:40:57
openvas
openvas
Fedora: Security Advisory for libxml2 (FEDORA-2020-935f62c3d9)
2020-11-14 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2021-1093)
2021-01-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:2612-1)
2021-06-09 00:00:00
cve
cve
CVE-2020-24977
2020-09-04 00:15:00
CVE-2021-3517
2021-05-19 14:15:00
redhat
redhat
(RHSA-2021:1597) Moderate: libxml2 security update
2021-05-18 05:36:57
(RHSA-2021:2569) Moderate: libxml2 security update
2021-06-29 13:42:19
(RHSA-2022:1390) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update
2022-04-20 19:26:37
redhatcve
redhatcve
CVE-2020-24977
2020-09-10 13:13:57
CVE-2021-3517
2021-04-27 19:36:02
mageia
mageia
Updated libxml2 packages fix a security vulnerability
2021-01-04 17:42:30
Updated libxml2 packages fix security vulnerabilities
2021-05-19 22:29:59
oraclelinux
oraclelinux
libxml2 security update
2021-05-25 00:00:00
libxml2 security update
2021-07-03 00:00:00
suse
suse
Security update for libxml2 (moderate)
2020-09-19 00:00:00
Security update for libxml2 (moderate)
2020-09-15 00:00:00
Security update for libxml2 (moderate)
2021-05-09 00:00:00
debiancve
debiancve
CVE-2020-24977
2020-09-04 00:15:00
CVE-2021-3517
2021-05-19 14:15:00
prion
prion
Buffer overflow
2020-09-04 00:15:00
Out-of-bounds
2021-05-19 14:15:00
osv
osv
Moderate: libxml2 security update
2021-05-18 05:36:57
Nokogiri contains libxml Out-of-bounds Write vulnerability
2022-05-24 19:02:48
Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.12
2021-05-17 20:52:05
alpinelinux
alpinelinux
CVE-2020-24977
2020-09-04 00:15:00
CVE-2021-3517
2021-05-19 14:15:00
cbl_mariner
cbl_mariner
CVE-2020-24977 affecting package libxml2 2.9.10-4
2020-11-30 19:30:45
CVE-2021-3517 affecting package libxml2 2.9.10-4
2021-06-09 03:50:32
almalinux
almalinux
Moderate: libxml2 security update
2021-05-18 05:36:57
Moderate: libxml2 security update
2021-06-29 13:42:19
rocky
rocky
libxml2 security update
2021-05-18 05:36:57
libxml2 security update
2021-06-29 13:42:19
github
github
Nokogiri contains libxml Out-of-bounds Write vulnerability
2022-05-24 19:02:48
Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.12
2021-05-17 20:52:05
gentoo
gentoo
libxml2: Multiple vulnerabilities
2021-07-06 00:00:00
ubuntucve
ubuntucve
CVE-2020-24977
2020-09-04 00:00:00
ibm
ibm
Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in Libxml2
2023-12-07 23:00:02
Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in Libxml2
2023-12-07 23:00:02
Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in Libxml2
2023-12-07 22:45:07
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-3516, CVE-2021-3537, CVE-2017-8872, CVE-2021-3518, CVE-2019-20388, CVE-2020-24977, CVE-2021-3541, CVE-2021-3517
2021-12-28 13:15:15
Fix of 8 CVEs
2022-01-11 12:18:56
cloudfoundry
cloudfoundry
USN-4991-1: libxml2 vulnerabilities | Cloud Foundry
2021-07-08 00:00:00
ubuntu
ubuntu
libxml2 vulnerabilities
2021-06-17 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.10-alt4
2020-11-06 00:00:00
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.10-alt4
2020-11-09 00:00:00
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.12-alt1
2021-06-15 00:00:00
archlinux
archlinux
[ASA-202011-15] libxml2: multiple issues
2020-11-17 00:00:00
freebsd
freebsd
libxml -- multiple vulnerabilities
2020-01-21 00:00:00
debian
debian
[SECURITY] [DLA 2653-1] libxml2 security update
2021-05-10 12:31:54
[SECURITY] [DLA 2369-1] libxml2 security update
2020-09-09 22:41:50
photon
photon
Important Photon OS Security Update - PHSA-2021-0399
2021-05-31 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0325
2020-09-19 00:00:00
Critical Photon OS Security Update - PHSA-2021-0035
2021-06-02 00:00:00
f5
f5
K03179547 : Multiple Java vulnerabilities CVE-2021-3517, CVE-2021-3522, CVE-2021-35550, CVE-2021-35556, CVE-2021-35559
2022-09-06 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1905
2021-07-02 17:25:35

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.2%

JSON
Related for UB:CVE-2021-3517
nessus67ics1amazon2veracode2fedora12openvas53cve2redhat3redhatcve2mageia2oraclelinux2suse4debiancve2prion2osv8alpinelinux2cbl_mariner2almalinux2rocky2github2gentoo1ubuntucve1ibm3cloudlinux2cloudfoundry1ubuntu1altlinux3archlinux1freebsd1debian2photon7f51rosalinux1