CVE-2021-3518

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
References
Link Resource
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/ Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1954242 Issue Tracking Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/ Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20210625-0002/ Third Party Advisory
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E Third Party Advisory
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E Third Party Advisory
https://security.gentoo.org/glsa/202107-05 Third Party Advisory
https://support.apple.com/kb/HT212604 Third Party Advisory
https://support.apple.com/kb/HT212605 Third Party Advisory
https://support.apple.com/kb/HT212602 Third Party Advisory
https://support.apple.com/kb/HT212601 Third Party Advisory
http://seclists.org/fulldisclosure/2021/Jul/55 Third Party Advisory
http://seclists.org/fulldisclosure/2021/Jul/54 Third Party Advisory
http://seclists.org/fulldisclosure/2021/Jul/58 Third Party Advisory
http://seclists.org/fulldisclosure/2021/Jul/59 Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Configurations

Configuration 1 (hide)

cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*

Information

Published : 2021-05-18 12:15

Updated : 2021-10-20 11:17


NVD link : CVE-2021-3518

Mitre link : CVE-2021-3518


JSON object : View

Products Affected

redhat

  • jboss_core_services
  • enterprise_linux

netapp

  • hci_h410c
  • active_iq_unified_manager
  • clustered_data_ontap
  • manageability_software_development_kit
  • ontap_select_deploy_administration_utility
  • clustered_data_ontap_antivirus_connector
  • hci_h410c_firmware
  • snapdrive

xmlsoft

  • libxml2

debian

  • debian_linux

fedoraproject

  • fedora
CWE
CWE-416

Use After Free