CVE-2021-3518

EPSS 0.25%
Veröffentlicht 18.05.2021 12:15:08
Zuletzt bearbeitet 21.11.2024 06:21:44
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 22

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xmlsoft ≫ Libxml2 Version < 2.9.11

Debian ≫ Debian Linux Version9.0

Redhat ≫ Jboss Core Services Version-

Redhat ≫ Enterprise Linux Version8.0

Fedoraproject ≫ Fedora Version33

Fedoraproject ≫ Fedora Version34

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Clustered Data Ontap Version-

Netapp ≫ Clustered Data Ontap Antivirus Connector Version-

Netapp ≫ Manageability Software Development Kit Version-

Netapp ≫ Ontap Select Deploy Administration Utility Version-

Netapp ≫ Snapdrive Version- SwPlatformwindows

Netapp ≫ Hci H410c Firmware Version-

Netapp ≫ Hci H410c Version-

Oracle ≫ Communications Cloud Native Core Network Function Cloud Native Environment Version1.10.0

Oracle ≫ Enterprise Manager Base Platform Version13.4.0.0

Oracle ≫ Enterprise Manager Base Platform Version13.5.0.0

Oracle ≫ Enterprise Manager Ops Center Version12.4.0.0

Oracle ≫ Mysql Workbench Version <= 8.0.26

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58

Oracle ≫ Real User Experience Insight Version13.4.1.0

Oracle ≫ Real User Experience Insight Version13.5.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.485

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Patch

Third Party Advisory

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

https://www.oracle.com/security-alerts/cpujul2022.html

Not Applicable

https://security.gentoo.org/glsa/202107-05

Third Party Advisory