CVE-2021-3518 : There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Published 2021-05-18 12:15:08

Updated 2022-10-05 02:25:16

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2021-3518

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Core Services » Version: N/A
cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
Matching versions
Oracle » Peoplesoft Enterprise Peopletools » Version: 8.58
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
Matching versions
Oracle » Enterprise Manager Ops Center » Version: 12.4.0.0
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Enterprise Manager Base Platform » Version: 13.4.0.0
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Enterprise Manager Base Platform » Version: 13.5.0.0
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql Workbench
Versions up to, including, (<=) 8.0.26
cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
Matching versions
Oracle » Real User Experience Insight » Version: 13.4.1.0
cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*
Matching versions
Oracle » Real User Experience Insight » Version: 13.5.1.0
cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Cloud Native Core Network Function Cloud Native Environment » Version: 1.10.0
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
Matching versions
Xmlsoft » Libxml2
Versions before (<) 2.9.11
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 33
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 34
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Matching versions
Netapp » Clustered Data Ontap » Version: N/A
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Matching versions
Netapp » Snapdrive » Version: N/A For Windows
cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*
Matching versions
Netapp » Ontap Select Deploy Administration Utility » Version: N/A
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Matching versions
Netapp » Clustered Data Ontap Antivirus Connector » Version: N/A
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
Matching versions
Netapp » Active Iq Unified Manager » Version: N/A For Vmware Vsphere
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Manageability Software Development Kit » Version: N/A
cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
Matching versions
Netapp » Hci H410c Firmware » Version: N/A
cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Hci H410c » Version: N/A

Threat overview for CVE-2021-3518

Top countries where our scanners detected CVE-2021-3518

Top open port discovered on systems with this issue 53

IPs affected by CVE-2021-3518 56,740

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2021-3518!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2021-3518

EPSS FAQ

0.64%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 79 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-3518

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-3518

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)

References for CVE-2021-3518

http://seclists.org/fulldisclosure/2021/Jul/54

Full Disclosure: APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2021/Jul/58

Full Disclosure: APPLE-SA-2021-07-21-5 watchOS 7.6
Mailing List;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

[SECURITY] [DLA 2653-1] libxml2 security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpuapr2022.html

Oracle Critical Patch Update Advisory - April 2022
Patch;Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1954242

1954242 – (CVE-2021-3518) CVE-2021-3518 libxml2: use-after-free in xmlXIncludeDoProcess() in xinclude.c
Issue Tracking;Patch;Third Party Advisory
https://security.gentoo.org/glsa/202107-05

libxml2: Multiple vulnerabilities (GLSA 202107-05) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

[SECURITY] Fedora 33 Update: libxml2-2.9.12-4.fc33 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2021/Jul/59

Full Disclosure: APPLE-SA-2021-07-21-6 tvOS 14.7
Mailing List;Third Party Advisory
https://security.netapp.com/advisory/ntap-20210625-0002/

May 2021 Libxml2 Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
https://support.apple.com/kb/HT212601

About the security content of iOS 14.7 and iPadOS 14.7 - Apple Support
Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2021/Jul/55

Full Disclosure: APPLE-SA-2021-07-21-2 macOS Big Sur 11.5
Mailing List;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

[SECURITY] Fedora 34 Update: libxml2-2.9.10-12.fc34 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpuoct2021.html

Oracle Critical Patch Update Advisory - October 2021
Patch;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

[GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 - Pony Mail
Third Party Advisory

CVEs referencing this url
https://support.apple.com/kb/HT212604

About the security content of tvOS 14.7 - Apple Support
Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpujul2022.html

Oracle Critical Patch Update Advisory - July 2022
Not Applicable

CVEs referencing this url
https://support.apple.com/kb/HT212602

About the security content of macOS Big Sur 11.5 - Apple Support
Third Party Advisory

CVEs referencing this url
https://support.apple.com/kb/HT212605

About the security content of watchOS 7.6 - Apple Support
Third Party Advisory