CVE-2021-3537
14.05.2021, 20:15
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| xmlsoft | libxml2 | 𝑥 < 2.9.11 |
| redhat | jboss_core_services | - |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| debian | debian_linux | 9.0 |
| netapp | active_iq_unified_manager | - |
| netapp | clustered_data_ontap | - |
| netapp | clustered_data_ontap_antivirus_connector | - |
| netapp | manageability_software_development_kit | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | snapdrive | - |
| netapp | hci_h410c_firmware | - |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 1.10.0 |
| oracle | enterprise_manager_base_platform | 13.4.0.0 |
| oracle | enterprise_manager_base_platform | 13.5.0.0 |
| oracle | enterprise_manager_ops_center | 12.4.0.0 |
| oracle | mysql_workbench | 𝑥 ≤ 8.0.26 |
| oracle | peoplesoft_enterprise_peopletools | 8.58 |
| oracle | real_user_experience_insight | 13.4.1.0 |
| oracle | real_user_experience_insight | 13.5.1.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libxml2 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libxml2-2 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
| libxml2-2-32bit |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
| libxml2-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
| libxml2-doc |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
| libxml2-tools |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
| python-libxml2 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
| python3-libxml2 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
| python3-libxml2-python |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| libxml2 |
| ||||||||||
| libxml2-devel |
| ||||||||||
| python3-libxml2 |
|
Common Weakness Enumeration
References