CVE-2021-3537

Updated: 2023-11-07 19:31:26.816851

Description:

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 4.3
CVSS Version 3.x MEDIUM 5.9

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS libxml2 2.7.6 5.9 MEDIUM Released CLSA-2022:1641903536 2022-05-05 12:03:58
CentOS 6 ELS java-1.8.0-openjdk 1.8.0 5.9 MEDIUM Ignored 2022-04-19 21:49:53
CentOS 7 ELS java-1.8.0-openjdk 1.8.0 5.9 MEDIUM Ignored 2023-11-17 08:26:04
CentOS 7 ELS libxml2 2.9.1 5.9 MEDIUM Ignored 2023-09-19 09:30:21
CentOS 8.4 ELS java-1.8.0-openjdk 1.8.0 5.9 MEDIUM Not Vulnerable 2023-10-27 11:24:12
CentOS 8.4 ELS libxml2 2.9.7-9 5.9 MEDIUM Already Fixed 2023-10-30 11:22:09
CentOS 8.5 ELS java-1.8.0-openjdk 1.8.0 5.9 MEDIUM Not Vulnerable 2023-11-07 04:06:44
CentOS 8.5 ELS libxml2 2.9.7-9 5.9 MEDIUM Already Fixed 2023-10-30 11:22:09
CloudLinux 6 ELS libxml2 2.7.6 5.9 MEDIUM Released CLSA-2021:1640697686 2022-04-19 21:49:51
CloudLinux 6 ELS java-1.8.0-openjdk 1.8.0 5.9 MEDIUM Ignored 2022-04-19 21:49:53
Total: 16