A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1950515 | Issue Tracking Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210805-0007/ | Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2022.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
History
01 Mar 2022, 18:25
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp h300e
Netapp h410s Oracle Netapp h410c Netapp h410s Firmware Netapp h700s Netapp Netapp h410c Firmware Netapp clustered Data Ontap Netapp ontap Select Deploy Administration Utility Netapp clustered Data Ontap Antivirus Connector Netapp h500e Firmware Netapp h700e Firmware Netapp h300e Firmware Netapp manageability Software Development Kit Netapp h500s Firmware Netapp smi-s Provider Netapp cloud Backup Netapp h300s Firmware Netapp h700s Firmware Netapp active Iq Unified Manager Netapp h500e Netapp h700e Netapp h500s Netapp snapdrive Netapp h300s Oracle zfs Storage Appliance Kit |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210805-0007/ - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:* cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* |
07 Feb 2022, 16:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Jul 2021, 16:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.5 |
CPE | cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:* |
|
CWE | CWE-776 | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1950515 - Issue Tracking, Patch, Third Party Advisory |
09 Jul 2021, 17:40
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-09 17:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-3541
Mitre link : CVE-2021-3541
CVE.ORG link : CVE-2021-3541
JSON object : View
Products Affected
netapp
- snapdrive
- h500e_firmware
- h300s_firmware
- h300e_firmware
- h700e_firmware
- active_iq_unified_manager
- h700s_firmware
- smi-s_provider
- h700s
- clustered_data_ontap_antivirus_connector
- ontap_select_deploy_administration_utility
- h700e
- manageability_software_development_kit
- h500e
- h410c
- h410s
- h500s
- clustered_data_ontap
- cloud_backup
- h410s_firmware
- h300e
- h410c_firmware
- h300s
- h500s_firmware
xmlsoft
- libxml2
oracle
- zfs_storage_appliance_kit
redhat
- jboss_core_services
CWE
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')