CVE-2021-3537

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

Published: May 14, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-3537
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
xmlsoft / libxml2	-	2.9.11
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	6.0	6.0.x
redhat / enterprise_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x
fedoraproject / fedora	33	33.x
fedoraproject / fedora	34	34.x
oracle / peoplesoft_enterprise_peopletools	8.58	8.58.x
oracle / enterprise_manager_base_platform	13.4.0.0	13.4.0.0.x
oracle / enterprise_manager_ops_center	12.4.0.0	12.4.0.0.x
oracle / openjdk	8-update301	8-update301.x
oracle / enterprise_manager_base_platform	13.5.0.0	13.5.0.0.x
oracle / mysql_workbench	-	8.0.26.x
oracle / real_user_experience_insight	13.4.1.0	13.4.1.0.x
oracle / real_user_experience_insight	13.5.1.0	13.5.1.0.x
oracle / communications_cloud_native_core_network_function_cloud_native_environment	1.10.0	1.10.0.x

Vulnerability Database

289,697

CVE-2021-3537