Out-of-Bounds Read Vulnerability in libxml2 Affects Multiple Systems
CVE-2021-3517

8.6HIGH

Key Information:

Vendor: Xmlsoft
Status: Libxml2
Vendor: CVE Published:; 19 May 2021

What is CVE-2021-3517?

A significant vulnerability exists in the xml entity encoding feature of libxml2 prior to version 2.9.11, where an attacker can exploit this flaw by supplying a specially crafted file for processing. This could potentially lead to an out-of-bounds read, compromising application stability and potentially affecting the confidentiality and integrity of data if further exploited.

Affected Version(s)

libxml2 libxml2 2.9.11

References

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://lists.debian.org/debian-lts-announce/2021/05/msg0...

mailing-listx_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=1954232

x_refsource_MISC

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2021
Vulnerability Reserved
Apr 27, 2021

Xmlsoft

What is CVE-2021-3517?

Affected Version(s)

References

CVSS V3.1

Timeline