CVE-2021-3518

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
References
Link Resource
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/ Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1954242 Issue Tracking Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/ Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20210625-0002/ Third Party Advisory
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E Third Party Advisory
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E Third Party Advisory
https://security.gentoo.org/glsa/202107-05 Third Party Advisory
https://support.apple.com/kb/HT212604 Third Party Advisory
https://support.apple.com/kb/HT212605 Third Party Advisory
https://support.apple.com/kb/HT212602 Third Party Advisory
https://support.apple.com/kb/HT212601 Third Party Advisory
http://seclists.org/fulldisclosure/2021/Jul/55 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Jul/54 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Jul/58 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Jul/59 Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Not Applicable
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*

Information

Published : 2021-05-18 05:15

Updated : 2022-10-04 19:25


NVD link : CVE-2021-3518

Mitre link : CVE-2021-3518


JSON object : View

CWE
CWE-416

Use After Free

Advertisement

dedicated server usa

Products Affected

netapp

  • hci_h410c
  • clustered_data_ontap
  • manageability_software_development_kit
  • active_iq_unified_manager
  • clustered_data_ontap_antivirus_connector
  • hci_h410c_firmware
  • snapdrive
  • ontap_select_deploy_administration_utility

redhat

  • enterprise_linux
  • jboss_core_services

oracle

  • communications_cloud_native_core_network_function_cloud_native_environment
  • peoplesoft_enterprise_peopletools
  • enterprise_manager_base_platform
  • mysql_workbench
  • enterprise_manager_ops_center
  • real_user_experience_insight

fedoraproject

  • fedora

debian

  • debian_linux

xmlsoft

  • libxml2