CVE-2021-3517 - Vulnerability Details

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Fedoraproject	Fedora
Netapp	Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector E-series Santricity Os Controller E-series Santricity Storage Manager E-series Santricity Web Services Hci H410c Hci H410c Firmware Hci Management Node Manageability Software Development Kit Oncommand Insight Oncommand Workflow Automation Ontap Select Deploy Administration Utility Santricity Unified Manager Snapdrive Snapmanager Solidfire
Oracle	Communications Cloud Native Core Network Function Cloud Native Environment Enterprise Manager Base Platform Mysql Workbench Openjdk Peoplesoft Enterprise Peopletools Real User Experience Insight Zfs Storage Appliance Kit
Redhat	Enterprise Linux Jboss Core Services Rhmt
Xmlsoft	Libxml2

Configuration 1 [-]

cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:jboss_core_services:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:fedoraproject:fedora:33:::::::*
	cpe:2.3:o:fedoraproject:fedora:34:::::::*

Configuration 4 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
	cpe:2.3:a:netapp:clustered_data_ontap:-:::::::*
	cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::
	cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:::::::*
	cpe:2.3:a:netapp:e-series_santricity_web_services:-:::::web_services_proxy::
	cpe:2.3:a:netapp:hci_management_node:-:::::::*
	cpe:2.3:a:netapp:manageability_software_development_kit:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*
	cpe:2.3:a:netapp:santricity_unified_manager:-:::::::*
	cpe:2.3:a:netapp:snapdrive:-:::::windows::
	cpe:2.3:a:netapp:snapmanager:-:::::oracle::
	cpe:2.3:a:netapp:snapmanager:-:::::sap::
	cpe:2.3:a:netapp:solidfire:-:::::::*

Configuration 6 [-]

AND

cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*

Configuration 7 [-]

OR	cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:::::::*
	cpe:2.3:a:oracle:mysql_workbench::::::::
	cpe:2.3:a:oracle:openjdk:8:update301::::::
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
	cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:::::::*
	cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:::::::*
	cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*

Package	CPE	Advisory	Released Date
JBoss Core Services for RHEL 8
jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs	cpe:/a:redhat:jboss_core_services:1::el8	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-curl-0:7.78.0-3.el8jbcs	cpe:/a:redhat:jboss_core_services:1::el8	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs	cpe:/a:redhat:jboss_core_services:1::el8	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs	cpe:/a:redhat:jboss_core_services:1::el8	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs	cpe:/a:redhat:jboss_core_services:1::el8	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs	cpe:/a:redhat:jboss_core_services:1::el8	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs	cpe:/a:redhat:jboss_core_services:1::el8	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs	cpe:/a:redhat:jboss_core_services:1::el8	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs	cpe:/a:redhat:jboss_core_services:1::el8	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs	cpe:/a:redhat:jboss_core_services:1::el8	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs	cpe:/a:redhat:jboss_core_services:1::el8	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs	cpe:/a:redhat:jboss_core_services:1::el8	RHSA-2022:1389	2022-04-20T00:00:00Z
JBoss Core Services on RHEL 7
jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2022:1389	2022-04-20T00:00:00Z
jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2022:1389	2022-04-20T00:00:00Z
Red Hat Enterprise Linux 8
libxml2-0:2.9.7-9.el8_4.2	cpe:/a:redhat:enterprise_linux:8	RHSA-2021:2569	2021-06-29T00:00:00Z
libxml2-0:2.9.7-9.el8_4.2	cpe:/o:redhat:enterprise_linux:8	RHSA-2021:2569	2021-06-29T00:00:00Z
Red Hat Migration Toolkit for Containers 1.4
rhmtc/openshift-migration-controller-rhel8:v1.4.6-4	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-log-reader-rhel8:v1.4.6-4	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-must-gather-rhel8:v1.4.6-4	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-operator-bundle:v1.4.6-5	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-registry-rhel8:v1.4.6-4	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-rsync-transfer-rhel8:v1.4.6-4	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-ui-rhel8:v1.4.6-4	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-velero-plugin-for-aws-rhel8:v1.4.6-4	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8:v1.4.6-3	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8:v1.4.6-4	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-velero-restic-restore-helper-rhel8:v1.4.6-5	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-velero-rhel8:v1.4.6-5	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-velero-plugin-rhel8:v1.4.6-4	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
Text-Only JBCS
libxml2	cpe:/a:redhat:jboss_core_services:1	RHSA-2022:1390	2022-04-20T00:00:00Z

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1954232
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
https://nvd.nist.gov/vuln/detail/CVE-2021-3517
https://security.gentoo.org/glsa/202107-05
https://security.netapp.com/advisory/ntap-20210625-0002/
https://security.netapp.com/advisory/ntap-20211022-0004/
https://www.cve.org/CVERecord?id=CVE-2021-3517
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2021-05-19T13:45:00

Updated: 2024-08-03T16:53:17.731Z

Reserved: 2021-04-27T00:00:00

Link: CVE-2021-3517

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-05-19T14:15:07.553

Modified: 2024-11-21T06:21:44.107

Link: CVE-2021-3517

Redhat

Severity : Moderate

Publid Date: 2021-04-22T00:00:00Z

Links: CVE-2021-3517 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "libxml2", "vendor": "n/a", "versions": [{"status": "affected", "version": "libxml2 2.9.11"}]}], "descriptions": [{"lang": "en", "value": "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-25T16:35:17", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2021-e3ed1ba38b", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"}, {"name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"}, {"name": "FEDORA-2021-b950000d2b", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"}, {"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"}, {"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"}, {"name": "GLSA-202107-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202107-05"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210625-0002/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3517", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "libxml2", "version": {"version_data": [{"version_value": "libxml2 2.9.11"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-787"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2021-e3ed1ba38b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"}, {"name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"}, {"name": "FEDORA-2021-b950000d2b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"}, {"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"}, {"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"}, {"name": "GLSA-202107-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202107-05"}, {"name": "https://security.netapp.com/advisory/ntap-20210625-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210625-0002/"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"name": "https://security.netapp.com/advisory/ntap-20211022-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:53:17.731Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2021-e3ed1ba38b", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"}, {"name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"}, {"name": "FEDORA-2021-b950000d2b", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"}, {"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"}, {"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"}, {"name": "GLSA-202107-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202107-05"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210625-0002/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3517", "datePublished": "2021-05-19T13:45:00", "dateReserved": "2021-04-27T00:00:00", "dateUpdated": "2024-08-03T16:53:17.731Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "matchCriteriaId": "208AF535-5D38-45B4-B227-2892611C5A20", "versionEndExcluding": "2.9.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B453CF7-9AA6-4B94-A003-BF7AE0B82F53", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", "matchCriteriaId": "62347994-1353-497C-9C4A-D5D8D95F67E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*", "matchCriteriaId": "D39DCAE7-494F-40B2-867F-6C6A077939DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*", "matchCriteriaId": "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C564D8-E21F-403C-B4BB-7B14B7FB5DAE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "8532F5F0-00A1-4FA9-A80B-09E46D03F74F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", "matchCriteriaId": "EED6C8C2-F986-4CFD-A343-AD2340F850F2", "versionEndIncluding": "8.0.26", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*", "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CADD7026-EF85-40A5-8563-7A34C6941B1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "58F019E8-F68D-41B5-9480-0A81616F2E7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application."}, {"lang": "es", "value": "Se presenta un fallo en la funcionalidad xml entity encoding de libxml2 en versiones anteriores a 2.9.11. Un atacante que sea capaz de proporcionar un archivo dise\u00f1ado para que sea procesado por una aplicaci\u00f3n vinculada con la funcionalidad afectada de libxml2 podr\u00eda desencadenar una lectura fuera de los l\u00edmites. El impacto m\u00e1s probable de este fallo es la disponibilidad de la aplicaci\u00f3n, con alg\u00fan impacto potencial en la confidencialidad e integridad si un atacante puede usar la informaci\u00f3n de la memoria para explotar a\u00fan m\u00e1s la aplicaci\u00f3n"}], "id": "CVE-2021-3517", "lastModified": "2024-11-21T06:21:44.107", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-19T14:15:07.553", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202107-05"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210625-0002/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202107-05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210625-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank zodf0055980 (SQLab NCTU Taiwan) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-curl-0:7.78.0-3.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1389", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2021:2569", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libxml2-0:2.9.7-9.el8_4.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-06-29T00:00:00Z"}, {"advisory": "RHSA-2021:2569", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "libxml2-0:2.9.7-9.el8_4.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-06-29T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-controller-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-log-reader-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-must-gather-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-operator-bundle:v1.4.6-5", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-registry-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-rsync-transfer-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-ui-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8:v1.4.6-3", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8:v1.4.6-5", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-rhel8:v1.4.6-5", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-velero-plugin-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHSA-2022:1390", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "libxml2", "product_name": "Text-Only JBCS", "release_date": "2022-04-20T00:00:00Z"}], "bugzilla": {"description": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c", "id": "1954232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", "There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application."], "name": "CVE-2021-3517", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "compat-expat1", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libxml2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libxml2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libxml2", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-04-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3517\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3517"], "statement": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object