CVE-2021-3518: There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2…

high8.8CVSS 3.1

AVNACLPRNUIRSUCHIHAH

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Affected

27 ranges· showing 25

Vendor	Product	Version range	Fixed in
apple	ios_14.7_and_ipados	—	—
debian	debian_linux	—	—
debian	libxml2	< libxml2 2.9.10+dfsg-6.6 (bookworm)	libxml2 2.9.10+dfsg-6.6 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
msrc	cm1_libxml2_2.9.12-1_on_cbl_mariner_1.0	—	—
nokogiri	nokogiri	>= 0 < 1.11.4	1.11.4
oracle	communications_cloud_native_core_network_function_cloud_native_environment	—	—
oracle	enterprise_manager_base_platform	—	—
oracle	enterprise_manager_base_platform	—	—
oracle	enterprise_manager_ops_center	—	—
oracle	mysql_workbench	<= 8.0.26	—
oracle	peoplesoft_enterprise_peopletools	—	—
oracle	real_user_experience_insight	—	—
oracle	real_user_experience_insight	—	—
paloalto	pan-os	—	—
redhat	enterprise_linux	—	—
xmlsoft	libxml2	< 2.9.11	2.9.11
xmlsoft	libxml2	—	—
xmlsoft	libxml2	>= 0 < 2.9.10+dfsg-6.6	2.9.10+dfsg-6.6
xmlsoft	libxml2	>= 0 < 2.9.10+dfsg-6.6	2.9.10+dfsg-6.6
xmlsoft	libxml2	>= 0 < 2.9.10+dfsg-6.6	2.9.10+dfsg-6.6
xmlsoft	libxml2	>= 0 < 2.9.10+dfsg-6.6	2.9.10+dfsg-6.6
xmlsoft	libxml2	>= 0 < 2.9.4+dfsg1-6.1ubuntu1.4	2.9.4+dfsg1-6.1ubuntu1.4
xmlsoft	libxml2	>= 0 < 2.9.10+dfsg-5ubuntu0.20.04.1	2.9.10+dfsg-5ubuntu0.20.04.1

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

ghsa7.5HIGH

osv9.1CRITICAL