CVE-2021-3518

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Published: May 18, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-3518
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
xmlsoft / libxml2	-	2.9.11
debian / debian_linux	9.0	9.0.x
redhat / enterprise_linux	8.0	8.0.x
fedoraproject / fedora	33	33.x
fedoraproject / fedora	34	34.x
oracle / peoplesoft_enterprise_peopletools	8.58	8.58.x
oracle / enterprise_manager_base_platform	13.4.0.0	13.4.0.0.x
oracle / enterprise_manager_ops_center	12.4.0.0	12.4.0.0.x
oracle / enterprise_manager_base_platform	13.5.0.0	13.5.0.0.x
oracle / mysql_workbench	-	8.0.26.x
oracle / real_user_experience_insight	13.4.1.0	13.4.1.0.x
oracle / real_user_experience_insight	13.5.1.0	13.5.1.0.x
oracle / communications_cloud_native_core_network_function_cloud_native_environment	1.10.0	1.10.0.x

Vulnerability Database

289,599

CVE-2021-3518