Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-3537

Опубликовано: 01 мая 2021
Источник: redhat
CVSS3: 7.5

Описание

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system availability.

Отчет

For the flaw to be exploitable, the document must be parsed in recovery mode and post validated (e.g.: when used in the xmlling tool, both -recover and -postvalid options must be used for the flaw to be exploitable)

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6libxml2Out of support scope
Red Hat Enterprise Linux 7libxml2Out of support scope
Red Hat Enterprise Linux 9libxml2Not affected
JBoss Core Services for RHEL 8jbcs-httpd24-apr-utilFixedRHSA-2022:138920.04.2022
JBoss Core Services for RHEL 8jbcs-httpd24-curlFixedRHSA-2022:138920.04.2022
JBoss Core Services for RHEL 8jbcs-httpd24-httpdFixedRHSA-2022:138920.04.2022
JBoss Core Services for RHEL 8jbcs-httpd24-mod_cluster-nativeFixedRHSA-2022:138920.04.2022
JBoss Core Services for RHEL 8jbcs-httpd24-mod_http2FixedRHSA-2022:138920.04.2022
JBoss Core Services for RHEL 8jbcs-httpd24-mod_jkFixedRHSA-2022:138920.04.2022
JBoss Core Services for RHEL 8jbcs-httpd24-mod_mdFixedRHSA-2022:138920.04.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1956522libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-3537

CVSS3: 5.9
ubuntu
больше 4 лет назад

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

nvd логотип

CVE-2021-3537

CVSS3: 5.9
nvd
больше 4 лет назад

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

msrc логотип

CVE-2021-3537

CVSS3: 5.9
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2021-3537

CVSS3: 5.9
debian
больше 4 лет назад

A vulnerability found in libxml2 in versions before 2.9.11 shows that ...

github логотип

GHSA-286v-pcf5-25rc

CVSS3: 5.9
github
около 3 лет назад

Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing

7.5 High

CVSS3