CVE - CVE-2021-3518

CVE-ID
CVE-2021-3518	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://security.netapp.com/advisory/ntap-20210625-0002/ URL:https://security.netapp.com/advisory/ntap-20210625-0002/ CONFIRM:https://support.apple.com/kb/HT212601 URL:https://support.apple.com/kb/HT212601 CONFIRM:https://support.apple.com/kb/HT212602 URL:https://support.apple.com/kb/HT212602 CONFIRM:https://support.apple.com/kb/HT212604 URL:https://support.apple.com/kb/HT212604 CONFIRM:https://support.apple.com/kb/HT212605 URL:https://support.apple.com/kb/HT212605 FEDORA:FEDORA-2021-b950000d2b URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/ FEDORA:FEDORA-2021-e3ed1ba38b URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/ FULLDISC:20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7 URL:http://seclists.org/fulldisclosure/2021/Jul/54 FULLDISC:20210723 APPLE-SA-2021-07-21-2 macOS Big Sur 11.5 URL:http://seclists.org/fulldisclosure/2021/Jul/55 FULLDISC:20210723 APPLE-SA-2021-07-21-5 watchOS 7.6 URL:http://seclists.org/fulldisclosure/2021/Jul/58 FULLDISC:20210723 APPLE-SA-2021-07-21-6 tvOS 14.7 URL:http://seclists.org/fulldisclosure/2021/Jul/59 GENTOO:GLSA-202107-05 URL:https://security.gentoo.org/glsa/202107-05 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1954242 URL:https://bugzilla.redhat.com/show_bug.cgi?id=1954242 MISC:https://www.oracle.com/security-alerts/cpuapr2022.html URL:https://www.oracle.com/security-alerts/cpuapr2022.html MISC:https://www.oracle.com/security-alerts/cpujul2022.html URL:https://www.oracle.com/security-alerts/cpujul2022.html MISC:https://www.oracle.com/security-alerts/cpuoct2021.html URL:https://www.oracle.com/security-alerts/cpuoct2021.html MLIST:[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 URL:https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E MLIST:[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 URL:https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E MLIST:[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update URL:https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20210427	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20210427)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)