CVE-2021-3517

Updated: 2023-11-07 19:11:57.797643

Description:

There is a flaw in the XML entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | HIGH | 7.5 |
| CVSS Version 3.x | HIGH | 8.6 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | libxml2 | 2.7.6 | 8.6 | HIGH | Released | CLSA-2022:1641903536 | 2022-05-05 12:03:56 |
| CentOS 7 ELS | libxml2 | 2.9.1 | 8.6 | HIGH | Released | CLSA-2023:1696537106 | 2023-10-05 17:08:35 |
| CentOS 8.4 ELS | java-1.8.0-openjdk | 1.8.0 | 8.6 | HIGH | Not Vulnerable | | 2023-10-27 11:23:49 |
| CentOS 8.4 ELS | libxml2 | 2.9.7-9 | 8.6 | HIGH | Already Fixed | | 2023-10-30 11:22:11 |
| CentOS 8.5 ELS | libxml2 | 2.9.7-9 | 8.6 | HIGH | Already Fixed | | 2023-10-30 11:22:09 |
| CentOS 8.5 ELS | java-1.8.0-openjdk | 1.8.0 | 8.6 | HIGH | Not Vulnerable | | 2023-11-01 09:48:46 |
| CloudLinux 6 ELS | libxml2 | 2.7.6 | 8.6 | HIGH | Released | CLSA-2021:1640697686 | 2022-04-19 21:49:51 |
| Oracle Linux 6 ELS | libxml2 | 2.7.6 | 8.6 | HIGH | Released | CLSA-2021:1640700669 | 2022-04-19 21:49:50 |
| Ubuntu 16.04 ELS | libxml2 | 2.9.3 | 8.6 | HIGH | Released | CLSA-2021:1640700710 | 2022-04-19 21:49:50 |
| Ubuntu 16.04 ELS | openjdk-8 | 8 | 8.6 | HIGH | Not Vulnerable | | 2022-04-19 21:49:53 |
Total: 12