A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1956522 | Issue Tracking Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/ | |
https://security.gentoo.org/glsa/202107-05 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210625-0002/ | Third Party Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Not Applicable |
https://www.oracle.com/security-alerts/cpuoct2021.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
|
History
28 Feb 2023, 15:19
Type | Values Removed | Values Added |
---|---|---|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Not Applicable |
25 Jul 2022, 18:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 May 2022, 17:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:* |
|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory |
20 Apr 2022, 00:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Dec 2021, 20:19
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:* |
|
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory |
20 Oct 2021, 11:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Sep 2021, 19:09
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210625-0002/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:* |
06 Jul 2021, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 May 2021, 17:36
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 5.9 |
CPE | cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html - Mailing List, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1956522 - Issue Tracking, Patch, Third Party Advisory |
Information
Published : 2021-05-14 20:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-3537
Mitre link : CVE-2021-3537
CVE.ORG link : CVE-2021-3537
JSON object : View
Products Affected
oracle
- openjdk
- communications_cloud_native_core_network_function_cloud_native_environment
- mysql_workbench
- enterprise_manager_ops_center
- enterprise_manager_base_platform
- real_user_experience_insight
- peoplesoft_enterprise_peopletools
netapp
- hci_h410c
- clustered_data_ontap
- manageability_software_development_kit
- clustered_data_ontap_antivirus_connector
- snapdrive
- active_iq_unified_manager
- hci_h410c_firmware
- ontap_select_deploy_administration_utility
redhat
- enterprise_linux
- jboss_core_services
debian
- debian_linux
fedoraproject
- fedora
xmlsoft
- libxml2
CWE
CWE-476
NULL Pointer Dereference