ID CVE-2021-3516
Summary There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
References
Vulnerable Configurations
  • cpe:2.3:a:xmlsoft:xmllint:*:*:*:*:*:*:*:*
    cpe:2.3:a:xmlsoft:xmllint:*:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 14-09-2021 - 17:08)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
Last major update 14-09-2021 - 17:08
Published 01-06-2021 - 14:15
Last modified 14-09-2021 - 17:08
Back to Top