Vulnerability Description
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. The Red Hat bug report listed in the references locates the defect in libxml2's XInclude processing (xmlXIncludeDoProcess in xinclude.c), so applications that parse untrusted documents with XInclude enabled are the primary concern. The upstream fix shipped in libxml2 2.9.11; distributions (Debian, Fedora, Red Hat, Gentoo, NetApp and Apple advisories are listed below) backported it into their own packages, which keep an older upstream version number.
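Because the fix is identified by an upstream version (2.9.11) while most deployments learn their libxml2 version from a distribution package or from the shared object an application actually loads, a first triage step is to normalise the version strings libxml2 emits and compare them against the fix release. The Python helper below is an added example, not code from this advisory or from the libxml2 project. It understands both notations libxml2 uses for its version: the dotted form ("2.9.10") and the numeric LIBXML_VERSION encoding (major*10000 + minor*100 + micro, e.g. "20910") that `xmllint --version` and the exported `xmlParserVersion` symbol report. The sample `xmllint` output is constructed for the example; the runtime probe via ctypes returns None when no libxml2 is installed.

```python
"""Version triage helper for CVE-2021-3518 (libxml2 use-after-free, fixed upstream in 2.9.11).

Added example, not part of the advisory or of libxml2 itself.
"""
import ctypes
import ctypes.util
import re
from typing import Optional, Tuple, Union

Version = Tuple[int, int, int]

# First upstream release that contains the fix (from the advisory: "versions before 2.9.11").
FIXED_VERSION: Version = (2, 9, 11)

# Constructed sample of what `xmllint --version` prints (to stderr) on a 2.9.10 build.
SAMPLE_XMLLINT_OUTPUT = (
    "xmllint: using libxml version 20910\n"
    "   compiled with: Threads Tree Output Push Reader Patterns Writer SAXv1 "
    "HTML Legacy C14N Catalog XPath XPointer XInclude Iconv Unicode Regexps "
    "Automata Expr Schemas Schematron Modules Debug Zlib Lzma\n"
)


def parse_libxml_version(text: str) -> Version:
    """Parse "2.9.10" (dotted) or "20910" (libxml2's numeric encoding) into (major, minor, micro)."""
    text = text.strip()
    if "." in text:
        parts = text.split(".")
        if len(parts) != 3 or not all(p.isdigit() for p in parts):
            raise ValueError(f"unrecognised libxml2 version: {text!r}")
        major, minor, micro = (int(p) for p in parts)
        return (major, minor, micro)
    if not text.isdigit():
        raise ValueError(f"unrecognised libxml2 version: {text!r}")
    n = int(text)
    # Numeric form is major*10000 + minor*100 + micro, so 21003 decodes to 2.10.3.
    return (n // 10000, (n % 10000) // 100, n % 100)


def is_affected_cve_2021_3518(version: Union[str, Version]) -> bool:
    """True when the *upstream* version predates the fix release 2.9.11.

    Caveat: distributions backport fixes without bumping the upstream version
    (the Debian, Fedora, Red Hat and Gentoo advisories in the references ship
    patched 2.9.x packages). A True result therefore means "check the package
    changelog for CVE-2021-3518", not "definitely vulnerable".
    """
    if isinstance(version, str):
        version = parse_libxml_version(version)
    return tuple(version) < FIXED_VERSION


def parse_xmllint_version_output(output: str) -> Version:
    """Extract the numeric version from the first line of `xmllint --version` output."""
    match = re.search(r"using libxml version (\d+)", output)
    if not match:
        raise ValueError("no 'using libxml version' line found")
    return parse_libxml_version(match.group(1))


def probe_runtime_libxml2() -> Optional[Version]:
    """Read the version of the libxml2 shared object that would actually be loaded.

    libxml2 exports `const char *xmlParserVersion` holding the numeric form
    (e.g. "20910"). Returns None when no libxml2 can be loaded.
    """
    found = ctypes.util.find_library("xml2")
    candidates = ([found] if found else []) + ["libxml2.so.2", "libxml2.dylib"]
    for name in candidates:
        try:
            lib = ctypes.CDLL(name)
            raw = ctypes.c_char_p.in_dll(lib, "xmlParserVersion").value
        except (OSError, ValueError):
            continue
        if raw:
            return parse_libxml_version(raw.decode("ascii"))
    return None


if __name__ == "__main__":
    sample = parse_xmllint_version_output(SAMPLE_XMLLINT_OUTPUT)
    print("sample xmllint build:", sample, "affected:", is_affected_cve_2021_3518(sample))
    runtime = probe_runtime_libxml2()
    if runtime is None:
        print("no libxml2 shared object found on this host")
    else:
        print("runtime libxml2:", runtime, "affected (pre-backport check):",
              is_affected_cve_2021_3518(runtime))
```

On a distribution host, treat an "affected" verdict as a prompt to read the package changelog (for example the Debian LTS and Fedora announcements in the references) rather than as a confirmed exposure; only an unpatched upstream build below 2.9.11 is conclusively affected by this comparison.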
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xmlsoft | Libxml2 | < 2.9.11 |
| Debian | Debian Linux | 9.0 |
| Redhat | Jboss Core Services | - |
| Redhat | Enterprise Linux | 8.0 |
| Fedoraproject | Fedora | 33 |
| Netapp | Active Iq Unified Manager | - |
| Netapp | Clustered Data Ontap | - |
| Netapp | Clustered Data Ontap Antivirus Connector | - |
| Netapp | Manageability Software Development Kit | - |
| Netapp | Ontap Select Deploy Administration Utility | - |
| Netapp | Snapdrive | - |
| Netapp | Hci H410C Firmware | - |
| Netapp | Hci H410C | - |
| Oracle | Communications Cloud Native Core Network Function Cloud Native Environment | 1.10.0 |
| Oracle | Enterprise Manager Base Platform | 13.4.0.0 |
| Oracle | Enterprise Manager Ops Center | 12.4.0.0 |
| Oracle | Mysql Workbench | <= 8.0.26 |
| Oracle | Peoplesoft Enterprise Peopletools | 8.58 |
| Oracle | Real User Experience Insight | 13.4.1.0 |
Related Weaknesses (CWE)
CWE-416: Use After Free
References
- http://seclists.org/fulldisclosure/2021/Jul/54 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2021/Jul/55 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2021/Jul/58 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2021/Jul/59 (Mailing List, Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1954242 (Issue Tracking, Patch, Third Party Advisory)
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e3
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8
- https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html (Mailing List, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202107-05 (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20210625-0002/ (Third Party Advisory)
- https://support.apple.com/kb/HT212601 (Third Party Advisory)
- https://support.apple.com/kb/HT212602 (Third Party Advisory)
- https://support.apple.com/kb/HT212604 (Third Party Advisory)
FAQ
What is CVE-2021-3518?
CVE-2021-3518 is a vulnerability with a CVSS score of 8.8 (HIGH). There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
How severe is CVE-2021-3518?
CVE-2021-3518 has been rated HIGH with a CVSS base score of 8.8/10. The flaw is a memory-safety bug (use-after-free) reachable by anyone who can get an application to parse a crafted XML document, and it affects confidentiality, integrity, and availability.
Is there a patch for CVE-2021-3518?
Yes. The upstream fix is in libxml2 2.9.11; check the references section above for the distribution and vendor advisories (Debian, Fedora, Gentoo, NetApp, Apple) that ship backported or updated packages. Affected products include: Xmlsoft Libxml2, Debian Debian Linux, Redhat Jboss Core Services, Redhat Enterprise Linux, Fedoraproject Fedora, and the NetApp and Oracle products listed in the table above.