8.6
CVE-2021-3517
- EPSS 0.09%
- Published 19.05.2021 14:15:07
- Last modified 21.11.2024 06:21:44
- Source secalert@redhat.com
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
Data provided by the National Vulnerability Database (NVD)
Redhat ≫ Jboss Core Services Version -
Redhat ≫ Enterprise Linux Version 8.0
Fedoraproject ≫ Fedora Version 33
Fedoraproject ≫ Fedora Version 34
Debian ≫ Debian Linux Version 9.0
Netapp ≫ Active Iq Unified Manager Version - SwPlatform vmware_vsphere
Netapp ≫ Active Iq Unified Manager Version - SwPlatform windows
Netapp ≫ Clustered Data Ontap Version -
Netapp ≫ Clustered Data Ontap Antivirus Connector Version -
Netapp ≫ E-series Santricity Os Controller Version >= 11.0.0 <= 11.70.1
Netapp ≫ E-series Santricity Storage Manager Version -
Netapp ≫ E-series Santricity Web Services Version - SwPlatform web_services_proxy
Netapp ≫ Hci Management Node Version -
Netapp ≫ Manageability Software Development Kit Version -
Netapp ≫ Oncommand Insight Version -
Netapp ≫ Oncommand Workflow Automation Version -
Netapp ≫ Ontap Select Deploy Administration Utility Version -
Netapp ≫ Santricity Unified Manager Version -
Netapp ≫ Snapmanager Version - SwPlatform oracle
Netapp ≫ Snapmanager Version - SwPlatform sap
Netapp ≫ Hci H410c Firmware Version -
Oracle ≫ Enterprise Manager Base Platform Version 13.4.0.0
Oracle ≫ Enterprise Manager Base Platform Version 13.5.0.0
Oracle ≫ Mysql Workbench Version <= 8.0.26
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.58
Oracle ≫ Real User Experience Insight Version 13.4.1.0
Oracle ≫ Real User Experience Insight Version 13.5.1.0
Oracle ≫ Zfs Storage Appliance Kit Version 8.8
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.09% | 0.269 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 8.6 | 3.9 | 4.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.