CVE-2021-3518

Name: CVE-2021-3518
Description: There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
NVD Severity: high

References

Type URI
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
MLIST https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1954242
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
Third Party Advisory https://security.netapp.com/advisory/ntap-20210625-0002/
Third Party Advisory https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
Third Party Advisory https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
Third Party Advisory https://security.gentoo.org/glsa/202107-05
Third Party Advisory https://support.apple.com/kb/HT212604
Third Party Advisory https://support.apple.com/kb/HT212605
Third Party Advisory https://support.apple.com/kb/HT212602
Third Party Advisory https://support.apple.com/kb/HT212601
Third Party Advisory http://seclists.org/fulldisclosure/2021/Jul/55
Third Party Advisory http://seclists.org/fulldisclosure/2021/Jul/54
Third Party Advisory http://seclists.org/fulldisclosure/2021/Jul/58
Third Party Advisory http://seclists.org/fulldisclosure/2021/Jul/59
MISC https://www.oracle.com/security-alerts/cpuoct2021.html
MISC https://www.oracle.com/security-alerts/cpuapr2022.html

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* | libxml2 | >= None | < 2.9.11

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status
libxml2 | 3.10-main | 2.9.9-r5 | Carlo Landmeter <clandmeter@gmail.com> | fixed