CVE-2021-3516

June 11, 2021

There’s a flaw in libxml2’s xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

Summary:

There’s a flaw in libxml2’s xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

Reference Links(if available):

  • https://bugzilla.redhat.com/show_bug.cgi?id=1954225
  • https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539
  • https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
  • https://lists.fedoraproject.org/archives/list/[email protected]/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
  • https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

    • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • You may have missed

    image

    [KILLSEC] – Ransomware Victim: Giggle Finance

    November 13, 2024
    CISA Logo

    US-CERT Vulnerability Summary for the Week of November 4, 2024

    November 12, 2024
    image

    [RAWORLD] – Ransomware Victim: Orange County Pathology Medical Group

    November 12, 2024
    image

    [RAWORLD] – Ransomware Victim: SK Gas

    November 12, 2024
    CISA Logo

    CISA: Ivanti Releases Security Updates for Multiple Products

    November 12, 2024