Vulnerability CVE-2021-3517: Information

Description

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Severity: HIGH (8.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-3517
Published: May 19, 2021
Modified: Nov. 7, 2023
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
gem-nokogirisisyphus1.12.4-alt11.16.2-alt1ALT-PU-2021-2997-1252865Fixed
gem-nokogirisisyphus_e2k1.16.2-alt11.16.2-alt1ALT-PU-2024-6690-1-Fixed
gem-nokogirip101.13.8-alt1.11.13.8-alt1.1ALT-PU-2023-4266-4307833Fixed
gem-nokogirip10_e2k1.13.8-alt1.11.13.8-alt1.1ALT-PU-2024-7099-1-Fixed
libxml2sisyphus2.9.12-alt12.12.5-alt1ALT-PU-2021-2057-1275606Fixed
libxml2p102.9.12-alt12.9.12-alt1.p10.1ALT-PU-2021-2057-1275606Fixed
libxml2c10f12.9.12-alt12.9.12-alt1.p10.1ALT-PU-2021-2057-1275606Fixed
libxml2c9f22.9.12-alt12.9.12-alt1.c9f2.1ALT-PU-2021-3332-1287715Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1954232
  • Issue Tracking
  • Patch
  • Third Party Advisory
[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update
  • Mailing List
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20210625-0002/
  • Third Party Advisory
GLSA-202107-05
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
  • Patch
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20211022-0004/
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
  • Patch
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
  • Patch
  • Third Party Advisory
N/A
  • Not Applicable
FEDORA-2021-e3ed1ba38b
    FEDORA-2021-b950000d2b
      [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
        [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8

            1. Configuration 1

              cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
              End excliding
              2.9.11

              Configuration 2

              cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
              cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

              Configuration 3

              cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
              cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

              Configuration 4

              cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

              Configuration 5

              cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
              cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
              cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
              cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
              cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
              cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
              cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
              cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
              cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*
              cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
              cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
              cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
              cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
              cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
              cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
              cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
              cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
              Start including
              11.0.0
              End including
              11.70.1

              Configuration 6

              cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*
              Running on/with:
              cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*

              Configuration 7

              cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
              cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
              cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
              cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*
              cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
              cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
              End including
              8.0.26
              cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*
              cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*
              cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
          Version: v24.4.2
          Back to top