NULL Dereference Vulnerability in libxml2 Affecting Various Distributions
CVE-2021-3537

5.9 MEDIUM

Key Information:

Vendor: Xmlsoft

Status
Vendor
CVE Published: 14 May 2021

What is CVE-2021-3537?

libxml2 versions prior to 2.9.11 do not correctly propagate errors when parsing XML mixed content. As a result, an untrusted XML document parsed in recovery mode can trigger a NULL dereference and crash the application. The impact is on system availability, so affected installations should be updated promptly.

Affected Version(s)

libxml2 libxml2 2.9.11

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
