A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
Metrics
Affected Vendors & Products
Advisories
| Source | ID | Title |
|---|---|---|
Debian DLA |
DLA-2653-1 | libxml2 security update |
EUVD |
EUVD-2022-1938 | A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. |
Github GHSA |
GHSA-286v-pcf5-25rc | Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing |
Ubuntu USN |
USN-4991-1 | libxml2 vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-03T17:01:08.318Z
Reserved: 2021-05-05T00:00:00
Link: CVE-2021-3537
No data.
Status : Modified
Published: 2021-05-14T20:15:16.553
Modified: 2024-11-21T06:21:47.317
Link: CVE-2021-3537
OpenCVE Enrichment
No data.
Debian DLA
EUVD
Github GHSA
Ubuntu USN