Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-3537

Опубликовано: 14 мая 2021
Источник: nvd
CVSS3: 5.9
CVSS2: 4.3
EPSS Низкий

Описание

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
Версия до 2.9.11 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*
Конфигурация 6

Одновременно

cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*
Конфигурация 7

Одно из

cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
Версия до 8.0.26 (включая)
cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 33%
0.00127
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-476
CWE-476

Связанные уязвимости

ubuntu логотип

CVE-2021-3537

CVSS3: 5.9
ubuntu
больше 4 лет назад

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

redhat логотип

CVE-2021-3537

CVSS3: 7.5
redhat
больше 4 лет назад

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

msrc логотип

CVE-2021-3537

CVSS3: 5.9
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2021-3537

CVSS3: 5.9
debian
больше 4 лет назад

A vulnerability found in libxml2 in versions before 2.9.11 shows that ...

github логотип

GHSA-286v-pcf5-25rc

CVSS3: 5.9
github
около 3 лет назад

Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing

EPSS

Процентиль: 33%
0.00127
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-476
CWE-476