Vulnerability CVE-2021-3541: Information

Description

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-3541

Published: July 9, 2021

Modified: March 1, 2022

Error type identifier: CWE-776

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
gem-nokogiri	sisyphus	1.12.4-alt1	1.16.4-alt1	ALT-PU-2021-2997-1	252865	Fixed
gem-nokogiri	sisyphus_e2k	1.16.2-alt1	1.16.4-alt1	ALT-PU-2024-6690-1	-	Fixed
gem-nokogiri	p10	1.13.8-alt1.1	1.13.8-alt1.1	ALT-PU-2023-4266-4	307833	Fixed
gem-nokogiri	p10_e2k	1.13.8-alt1.1	1.13.8-alt1.1	ALT-PU-2024-7099-1	-	Fixed
gem-nokogiri	c10f1	1.13.8-alt1.1	1.11.1-alt1	ALT-PU-2024-7812-2	334397	Testing
gem-nokogiri	p11	1.12.4-alt1	1.16.4-alt1	ALT-PU-2021-2997-1	252865	Fixed
libxml2	sisyphus	2.9.12-alt1	2.12.7-alt1	ALT-PU-2021-2057-1	275606	Fixed
libxml2	p10	2.9.12-alt1	2.9.12-alt1.p10.1	ALT-PU-2021-2057-1	275606	Fixed
libxml2	c10f1	2.9.12-alt1	2.9.12-alt1.p10.1	ALT-PU-2021-2057-1	275606	Fixed
libxml2	c9f2	2.9.12-alt1	2.9.12-alt1.c9f2.1	ALT-PU-2021-3332-1	287715	Fixed
libxml2	p11	2.9.12-alt1	2.12.7-alt1	ALT-PU-2021-2057-1	275606	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1950515	Issue Tracking Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20210805-0007/	Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
  End excliding
  2.9.11
  
  Configuration 2
  cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*
  cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
  cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
  
  Configuration 5
  cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
  
  Configuration 6
  cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
  
  Configuration 7
  cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
  
  Configuration 8
  cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
  
  Configuration 9
  cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
  
  Configuration 10
  cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
  
  Configuration 11
  cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
  
  Configuration 12
  cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2021-3541: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Configuration 7

Configuration 8

Configuration 9

Configuration 10

Configuration 11

Configuration 12