CVE-2021-3517

Description

There is a flaw in the XML entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Risk Information

Base Score: 8.6 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
EPSS Score (Exploitation Probability): 0.098

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities affected in Java SE 8u301 | Windows
Multiple vulnerabilities affected in Java SE (x64) 8u301 | Windows
Multiple vulnerabilities are affected in Java SE Development Kit 8.0.3010.9 | Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 8.0.3010.9 | Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 8.0.3010 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) 8.58 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) (x64) 8.58 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 11 (MSI) (x64) 11.52 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 13 13.44 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 17 17.30 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 17 (x64) 17.30 | Windows
Vulnerabilities CVE-2021-3517, CVE-2021-3518, CVE-2021-3537 are fixed in Ruby-nokogiri 1.11.4 | Windows
Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3 | Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Insight 2.3 | Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 2.3 | Windows
Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1 | Windows
SUSE-SU-2021:1524-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-2-2.9.4-46.40.1.x86_64.rpm | Linux
SUSE-SU-2021:1524-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-2-32bit-2.9.4-46.40.1.x86_64.rpm | Linux
SUSE-SU-2021:1524-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-2-debuginfo-2.9.4-46.40.1.x86_64.rpm | Linux
SUSE-SU-2021:1524-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-2-debuginfo-32bit-2.9.4-46.40.1.x86_64.rpm | Linux
SUSE-SU-2021:1524-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-debugsource-2.9.4-46.40.1.x86_64.rpm | Linux
SUSE-SU-2021:1524-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-doc-2.9.4-46.40.1.noarch.rpm | Linux
SUSE-SU-2021:1524-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-tools-2.9.4-46.40.1.x86_64.rpm | Linux
SUSE-SU-2021:1524-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-tools-debuginfo-2.9.4-46.40.1.x86_64.rpm | Linux
SUSE-SU-2021:1524-1 (SUSE Linux Enterprise Server 12-SP5) python-libxml2-2.9.4-46.40.1.x86_64.rpm | Linux
SUSE-SU-2021:1524-1 (SUSE Linux Enterprise Server 12-SP5) python-libxml2-debuginfo-2.9.4-46.40.1.x86_64.rpm | Linux
SUSE-SU-2021:1524-1 (SUSE Linux Enterprise Server 12-SP5) python-libxml2-debugsource-2.9.4-46.40.1.x86_64.rpm | Linux
SUSE-SU-2021:1658-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-2-2.9.4-46.43.1.x86_64.rpm | Linux
SUSE-SU-2021:1658-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-2-32bit-2.9.4-46.43.1.x86_64.rpm | Linux
SUSE-SU-2021:1658-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-2-debuginfo-2.9.4-46.43.1.x86_64.rpm | Linux
SUSE-SU-2021:1658-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-2-debuginfo-32bit-2.9.4-46.43.1.x86_64.rpm | Linux
SUSE-SU-2021:1658-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-debugsource-2.9.4-46.43.1.x86_64.rpm | Linux
SUSE-SU-2021:1658-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-doc-2.9.4-46.43.1.noarch.rpm | Linux
SUSE-SU-2021:1658-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-tools-2.9.4-46.43.1.x86_64.rpm | Linux
SUSE-SU-2021:1658-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-tools-debuginfo-2.9.4-46.43.1.x86_64.rpm | Linux
SUSE-SU-2021:1658-1 (SUSE Linux Enterprise Server 12-SP5) python-libxml2-2.9.4-46.43.1.x86_64.rpm | Linux
SUSE-SU-2021:1658-1 (SUSE Linux Enterprise Server 12-SP5) python-libxml2-debuginfo-2.9.4-46.43.1.x86_64.rpm | Linux
SUSE-SU-2021:1658-1 (SUSE Linux Enterprise Server 12-SP5) python-libxml2-debugsource-2.9.4-46.43.1.x86_64.rpm | Linux
GNOME XML library (USN-4991-1) libxml2_2.9.10+dfsg-6.3ubuntu0.1_i386.deb | Linux
GNOME XML library (USN-4991-1) libxml2_2.9.10+dfsg-6.3ubuntu0.1_amd64.deb | Linux
GNOME XML library (USN-4991-1) libxml2_2.9.4+dfsg1-6.1ubuntu1.4_i386.deb | Linux
GNOME XML library (USN-4991-1) libxml2_2.9.4+dfsg1-6.1ubuntu1.4_amd64.deb | Linux
GNOME XML library (USN-4991-1) libxml2_2.9.10+dfsg-5ubuntu0.20.04.1_i386.deb | Linux
GNOME XML library (USN-4991-1) libxml2_2.9.10+dfsg-5ubuntu0.20.04.1_amd64.deb | Linux
GNOME XML library (USN-4991-1) libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb | Linux
GNOME XML library (USN-4991-1) libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb | Linux
GNOME XML library (USN-4991-1) libxml2-utils_2.9.10+dfsg-6.3ubuntu0.1_i386.deb | Linux
GNOME XML library (USN-4991-1) libxml2-utils_2.9.10+dfsg-6.3ubuntu0.1_amd64.deb | Linux
GNOME XML library (USN-4991-1) libxml2-utils_2.9.4+dfsg1-6.1ubuntu1.4_i386.deb | Linux
GNOME XML library (USN-4991-1) libxml2-utils_2.9.4+dfsg1-6.1ubuntu1.4_amd64.deb | Linux
GNOME XML library (USN-4991-1) libxml2-utils_2.9.10+dfsg-5ubuntu0.20.04.1_i386.deb | Linux
GNOME XML library (USN-4991-1) libxml2-utils_2.9.10+dfsg-5ubuntu0.20.04.1_amd64.deb | Linux
GNOME XML library (USN-4991-1) libxml2-utils_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb | Linux
GNOME XML library (USN-4991-1) libxml2-utils_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb | Linux
Libxml2 update (ELSA-2021-2569) libxml2-2.9.7-9.0.1.el8_4.2.i686.rpm | Linux
Libxml2 update (ELSA-2021-2569) libxml2-2.9.7-9.0.1.el8_4.2.x86_64.rpm | Linux
Libxml2-devel update (ELSA-2021-2569) libxml2-devel-2.9.7-9.0.1.el8_4.2.i686.rpm | Linux
Libxml2-devel update (ELSA-2021-2569) libxml2-devel-2.9.7-9.0.1.el8_4.2.x86_64.rpm | Linux
Python3-libxml2 update (ELSA-2021-2569) python3-libxml2-2.9.7-9.0.1.el8_4.2.x86_64.rpm | Linux
(RHSA-2021:2569) libxml2 security update libxml2-2.9.7-9.el8_4.2.i686.rpm | Linux
(RHSA-2021:2569) libxml2 security update libxml2-2.9.7-9.el8_4.2.x86_64.rpm | Linux
(RHSA-2021:2569) libxml2 security update libxml2-debugsource-2.9.7-9.el8_4.2.i686.rpm | Linux
(RHSA-2021:2569) libxml2 security update libxml2-debugsource-2.9.7-9.el8_4.2.x86_64.rpm | Linux
(RHSA-2021:2569) libxml2 security update libxml2-devel-2.9.7-9.el8_4.2.i686.rpm | Linux
(RHSA-2021:2569) libxml2 security update libxml2-devel-2.9.7-9.el8_4.2.x86_64.rpm | Linux
(RHSA-2021:2569) libxml2 security update python3-libxml2-2.9.7-9.el8_4.2.x86_64.rpm | Linux
Libxml2 update (ELSA-2022-0899) libxml2-2.9.7-12.el8_5.i686.rpm | Linux
Libxml2 update (ELSA-2022-0899) libxml2-2.9.7-12.el8_5.x86_64.rpm | Linux
Libxml2-devel update (ELSA-2022-0899) libxml2-devel-2.9.7-12.el8_5.i686.rpm | Linux
Libxml2-devel update (ELSA-2022-0899) libxml2-devel-2.9.7-12.el8_5.x86_64.rpm | Linux
Python3-libxml2 update (ELSA-2022-0899) python3-libxml2-2.9.7-12.el8_5.x86_64.rpm | Linux
Vulnerabilities CVE-2021-3517, CVE-2021-3518, CVE-2021-3537 are fixed in Ruby-nokogiri for Linux 1.11.4 | Linux
CVE-2021-3517 | NCM

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-349781 | Java Runtime Environment 1.8 (8.0.4610.11) (Manual Upload Required)
PATCH-349782 | Java Runtime Environment 1.8 (x64) (8.0.4610.11) (Manual Upload Required)
PATCH-333702 | Java SE Development Kit 8 Update 391 (32-bit) (8.0.3910.13) (JDK) (Manual Upload Required)
PATCH-333701 | Java SE Development Kit 8 Update 391 (64-bit) (8.0.3910.13) (JDK) (Manual Upload Required)
PATCH-342222 | Azul Zulu JDK 8 (MSI) (8.82.0.21)
PATCH-342223 | Azul Zulu JDK 8 (MSI) (x64) (8.82.0.21)
PATCH-342218 | Azul Zulu JDK 11 (MSI) (x64) (11.76.21)
PATCH-328592 | Azul Zulu JDK 13 (13.54.17)
PATCH-342219 | Azul Zulu JDK 17 (17.54.21)
PATCH-342220 | Azul Zulu JDK 17 (x64) (17.54.21)
