CVE-2021-3517


Description

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1954232

https://lists.fedoraproject.org/archives/list/[email protected]/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

https://security.netapp.com/advisory/ntap-20210625-0002/

https://lists.apache.org/thread.html/[email protected]%3Cissues.bookkeeper.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.bookkeeper.apache.org%3E

https://security.gentoo.org/glsa/202107-05

https://www.oracle.com/security-alerts/cpuoct2021.html

https://security.netapp.com/advisory/ntap-20211022-0004/

Details

Source: MITRE

Published: 2021-05-19

Updated: 2021-12-03

Type: CWE-787

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 8.6

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Impact Score: 4.7

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* versions from 11.0.0 to 11.70.1 (inclusive)

cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*

cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*

cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*

cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*

cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

Configuration 6

AND

OR

cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*

Configuration 7

OR

cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* versions up to 8.0.26 (inclusive)

cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*

cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*

Tenable Plugins

28 plugins in total:

ID | Name | Product | Family | Severity
156968 | GLSA-202107-05 : libxml2: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
156511 | EulerOS Virtualization 3.0.2.6 : libxml2 (EulerOS-SA-2021-2884) | Nessus | Huawei Local Security Checks | high
154913 | Amazon Linux 2 : java-11-amazon-corretto (ALAS-2021-1718) | Nessus | Amazon Linux Local Security Checks | high
154396 | EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2021-2595) | Nessus | Huawei Local Security Checks | high
154381 | Azul Zulu Java Multiple Vulnerabilities (2021-10-19) | Nessus | Misc. | high
154345 | Oracle Java SE 1.7.0_321 / 1.8.0_311 / 1.11.0_13 / 1.17.0_1 Multiple Vulnerabilities (Unix October 2021 CPU) | Nessus | Misc. | high
154344 | Oracle Java SE 1.7.0_321 / 1.8.0_311 / 1.11.0_13 / 1.17.0_1 Multiple Vulnerabilities (October 2021 CPU) | Nessus | Windows | high
153349 | EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2021-2406) | Nessus | Huawei Local Security Checks | high
153086 | EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2021-2339) | Nessus | Huawei Local Security Checks | high
152408 | EulerOS 2.0 SP8 : libxml2 (EulerOS-SA-2021-2306) | Nessus | Huawei Local Security Checks | high
152294 | EulerOS 2.0 SP9 : libxml2 (EulerOS-SA-2021-2249) | Nessus | Huawei Local Security Checks | high
152286 | EulerOS 2.0 SP9 : libxml2 (EulerOS-SA-2021-2275) | Nessus | Huawei Local Security Checks | high
151363 | CentOS 8 : libxml2 (CESA-2021:2569) | Nessus | CentOS Local Security Checks | high
151359 | Oracle Linux 8 : libxml2 (ELSA-2021-2569) | Nessus | Oracle Linux Local Security Checks | high
151303 | EulerOS Virtualization for ARM 64 3.0.2.0 : libxml2 (EulerOS-SA-2021-2103) | Nessus | Huawei Local Security Checks | high
151142 | RHEL 8 : libxml2 (RHSA-2021:2569) | Nessus | Red Hat Local Security Checks | high
150858 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 / 21.04 : libxml2 vulnerabilities (USN-4991-1) | Nessus | Ubuntu Local Security Checks | high
150579 | SUSE SLES11 Security Update : libxml2 (SUSE-SU-2021:14729-1) | Nessus | SuSE Local Security Checks | high
150442 | Photon OS 2.0: Libxml2 PHSA-2021-2.0-0351 | Nessus | PhotonOS Local Security Checks | high
150240 | Photon OS 3.0: Libxml2 PHSA-2021-3.0-0246 | Nessus | PhotonOS Local Security Checks | high
150237 | Photon OS 4.0: Libxml2 PHSA-2021-4.0-0035 | Nessus | PhotonOS Local Security Checks | high
149895 | openSUSE Security Update : libxml2 (openSUSE-2021-764) | Nessus | SuSE Local Security Checks | high
149807 | SUSE SLES12 Security Update : libxml2 (SUSE-SU-2021:1658-1) | Nessus | SuSE Local Security Checks | high
149796 | SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2021:1654-1) | Nessus | SuSE Local Security Checks | high
149571 | openSUSE Security Update : libxml2 (openSUSE-2021-692) | Nessus | SuSE Local Security Checks | high
149372 | Debian DLA-2653-1 : libxml2 security update | Nessus | Debian Local Security Checks | high
149347 | SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2021:1523-1) | Nessus | SuSE Local Security Checks | high
149340 | SUSE SLES12 Security Update : libxml2 (SUSE-SU-2021:1524-1) | Nessus | SuSE Local Security Checks | high