{"containers": {"cna": {"affected": [{"product": "libxml2", "vendor": "n/a", "versions": [{"status": "affected", "version": "libxml2 2.9.11"}]}], "descriptions": [{"lang": "en", "value": "There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-25T16:35:29", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2021-e3ed1ba38b", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"}, {"name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242"}, {"name": "FEDORA-2021-b950000d2b", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"}, {"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"}, {"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"}, {"name": "GLSA-202107-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202107-05"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210625-0002/"}, {"name": "20210723 APPLE-SA-2021-07-21-5 watchOS 7.6", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Jul/58"}, {"name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Jul/54"}, {"name": "20210723 APPLE-SA-2021-07-21-2 macOS Big Sur 11.5", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Jul/55"}, {"name": "20210723 APPLE-SA-2021-07-21-6 tvOS 14.7", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Jul/59"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT212605"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT212602"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT212601"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT212604"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3518", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "libxml2", "version": {"version_data": [{"version_value": "libxml2 2.9.11"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-416"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2021-e3ed1ba38b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"}, {"name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242"}, {"name": "FEDORA-2021-b950000d2b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"}, {"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"}, {"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"}, {"name": "GLSA-202107-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202107-05"}, {"name": "https://security.netapp.com/advisory/ntap-20210625-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210625-0002/"}, {"name": "20210723 APPLE-SA-2021-07-21-5 watchOS 7.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Jul/58"}, {"name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Jul/54"}, {"name": "20210723 APPLE-SA-2021-07-21-2 macOS Big Sur 11.5", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Jul/55"}, {"name": "20210723 APPLE-SA-2021-07-21-6 tvOS 14.7", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Jul/59"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"name": "https://support.apple.com/kb/HT212605", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212605"}, {"name": "https://support.apple.com/kb/HT212602", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212602"}, {"name": "https://support.apple.com/kb/HT212601", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212601"}, {"name": "https://support.apple.com/kb/HT212604", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212604"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:01:07.460Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2021-e3ed1ba38b", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"}, {"name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242"}, {"name": "FEDORA-2021-b950000d2b", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"}, {"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"}, {"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"}, {"name": "GLSA-202107-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202107-05"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210625-0002/"}, {"name": "20210723 APPLE-SA-2021-07-21-5 watchOS 7.6", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Jul/58"}, {"name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Jul/54"}, {"name": "20210723 APPLE-SA-2021-07-21-2 macOS Big Sur 11.5", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Jul/55"}, {"name": "20210723 APPLE-SA-2021-07-21-6 tvOS 14.7", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Jul/59"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT212605"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT212602"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT212601"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT212604"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3518", "datePublished": "2021-05-18T11:20:24", "dateReserved": "2021-04-27T00:00:00", "dateUpdated": "2024-08-03T17:01:07.460Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "matchCriteriaId": "208AF535-5D38-45B4-B227-2892611C5A20", "versionEndExcluding": "2.9.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B453CF7-9AA6-4B94-A003-BF7AE0B82F53", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", "matchCriteriaId": "62347994-1353-497C-9C4A-D5D8D95F67E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*", "matchCriteriaId": "D39DCAE7-494F-40B2-867F-6C6A077939DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*", "matchCriteriaId": "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C564D8-E21F-403C-B4BB-7B14B7FB5DAE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "8532F5F0-00A1-4FA9-A80B-09E46D03F74F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", "matchCriteriaId": "EED6C8C2-F986-4CFD-A343-AD2340F850F2", "versionEndIncluding": "8.0.26", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CADD7026-EF85-40A5-8563-7A34C6941B1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "58F019E8-F68D-41B5-9480-0A81616F2E7C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability."}, {"lang": "es", "value": "Se presenta un fallo en libxml2 en versiones anteriores a 2.9.11. Un atacante que pueda enviar un archivo dise\u00f1ado para que sea procesado por una aplicaci\u00f3n vinculada con libxml2 podr\u00eda desencadenar un uso de la memoria previamente liberada. El mayor impacto de este fallo es a la confidencialidad, integridad y disponibilidad"}], "id": "CVE-2021-3518", "lastModified": "2023-11-07T03:38:04.050", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-18T12:15:08.043", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Jul/54"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Jul/55"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Jul/58"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Jul/59"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202107-05"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210625-0002/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212601"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212602"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212604"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212605"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank zodf0055980 (SQLab NCTU Taiwan) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-curl-0:7.78.0-3.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2021:2569", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libxml2-0:2.9.7-9.el8_4.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-06-29T00:00:00Z"}, {"advisory": "RHSA-2021:2569", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "libxml2-0:2.9.7-9.el8_4.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-06-29T00:00:00Z"}, {"advisory": "RHSA-2022:1390", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "libxml2", "product_name": "Red Hat JBoss Core Services 1", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-controller-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-log-reader-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-must-gather-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-operator-bundle:v1.4.6-5", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-registry-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-rsync-transfer-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-ui-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8:v1.4.6-3", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8:v1.4.6-5", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-rhel8:v1.4.6-5", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-velero-plugin-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}], "bugzilla": {"description": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c", "id": "1954242", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", "There's a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability."], "name": "CVE-2021-3518", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "compat-expat1", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libxml2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libxml2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libxml2", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-04-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3518\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3518"], "statement": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "threat_severity": "Moderate", "upstream_fix": "libxml2 2.9.11"}