There’s a flaw in libxml2’s xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

References

bugzilla.redhat.com/show_bug.cgi?id=1954225

gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539

gitlab.gnome.org/GNOME/libxml2/-/issues/230

lists.debian.org/debian-lts-announce/2021/05/msg00008.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

security.gentoo.org/glsa/202107-05

security.netapp.com/advisory/ntap-20210716-0005/

www.oracle.com/security-alerts/cpujan2022.html

osv 32

openvas 35

nessus 50

archlinux 2

suse 4

freebsd 2

fedora 6

debian 6

ibm 20

oraclelinux 4

gentoo 1

amazon 3

f5 2

centos 4

veracode 3

redhat 4

altlinux 3

rubygems 2

cloudfoundry 2

ubuntu 3

symantec 1

mageia 2

ubuntucve 1

nvd 2

cvelist 1

debiancve 1

prion 1

cve 1

github 1

osv

CVE-2016-4483

2017-04-11 16:59:00

CVE-2018-14404

2018-07-19 13:29:00

CVE-2017-9047

2017-05-18 06:29:00

openvas

Fedora Update for libxml2 FEDORA-2015-037

2015-12-01 00:00:00

Oracle: Security Advisory (ELSA-2015-2550)

2015-12-08 00:00:00

Debian Security Advisory DSA 3430-1 (libxml2 - security update)

2015-12-23 00:00:00

nessus

FreeBSD : libxml2 -- multiple vulnerabilities (e195679d-045b-4953-bb33-be0073ba2ac6)

2016-08-29 00:00:00

Fedora 23 : libxml2-2.9.3-1.fc23 (2015-c24af963a2)

2016-03-04 00:00:00

Fedora 22 : libxml2-2.9.3-1.fc22 (2015-037f844d3e)

2016-03-04 00:00:00

archlinux

libxml2: multiple issues

2015-12-09 00:00:00

libxml2: multiple issues

2016-05-26 00:00:00

suse

Security update for libxml2 (important)

2016-06-16 13:08:21

Security update for libxml2 (important)

2016-06-16 13:10:48

Security update for libxml2 (important)

2016-06-09 18:07:56

freebsd

libxml2 -- multiple vulnerabilities

2016-05-23 00:00:00

libxml2 -- multiple vulnerabilities

2015-11-20 00:00:00

fedora

[SECURITY] Fedora 22 Update: libxml2-2.9.3-1.fc22

2015-11-30 23:26:43

[SECURITY] Fedora 23 Update: libxml2-2.9.3-1.fc23

2015-11-26 21:01:32

[SECURITY] Fedora 25 Update: libxml2-2.9.4-2.fc25

2017-04-19 09:32:17

debian

[SECURITY] [DSA 3430-1] libxml2 security update

2015-12-23 13:19:18

[SECURITY] [DSA 3430-1] libxml2 security update

2015-12-23 13:19:18

[SECURITY] [DLA 373-1] libxml2 security update

2015-12-26 13:08:39

ibm

Security Bulletin: OpenSource libXML2 Vulnerabilities affect Identity Insight 8.1

2018-06-16 13:38:33

Security Bulletin: Multiple vulnerabilities in Libxml2 affect Rational Systems Tester

2018-06-17 05:07:59

Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Cognos Metrics Manager (CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8035, CVE-2015-8241, CVE-2015-8317)

2018-06-15 23:15:11

oraclelinux

libxml2 security update

2015-12-07 00:00:00

libxml2 security update

2015-12-07 00:00:00

libxml2 security update

2016-06-23 00:00:00

gentoo

libxml2: Multiple vulnerabilities

2017-01-16 00:00:00

amazon

Medium: libxml2

2015-12-14 10:00:00

Important: libxml2

2016-07-14 16:30:00

Medium: libxml2

2019-05-29 19:14:00

K61570943 : Multiple libXML2 vulnerabilities

2016-02-15 00:00:00

SOL61570943 - libXML2 vulnerabilities CVE-2015-7941 and CVE-2015-7942

2016-02-15 00:00:00

centos

libxml2 security update

2015-12-07 13:26:33

libxml2 security update

2015-12-07 20:38:05

libxml2 security update

2016-06-23 15:28:21

veracode

Information Disclosure

2019-05-02 05:51:46

Denial Of Service (DoS)

2019-05-02 05:51:46

Denial Of Service (DoS)

2019-05-02 05:51:46

redhat

(RHSA-2015:2549) Moderate: libxml2 security update

2015-12-07 00:00:00

(RHSA-2015:2550) Moderate: libxml2 security update

2015-12-07 10:04:33

(RHSA-2016:1292) Important: libxml2 security update

2016-06-23 08:21:08

altlinux

Security fix for the ALT Linux 8 package libxml2 version 1:2.9.4.0.12.e905-alt1

2017-03-07 00:00:00

Security fix for the ALT Linux 9 package libxml2 version 1:2.9.4.0.12.e905-alt1

2017-03-03 00:00:00

Security fix for the ALT Linux 10 package libxml2 version 1:2.9.4.0.12.e905-alt1

2017-03-03 00:00:00

rubygems

Nokogiri gem contains several vulnerabilities in libxml2

2015-12-14 21:00:00

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt

2015-04-13 21:00:00

cloudfoundry

USN-2834-1 libxml2 vulnerability | Cloud Foundry

2016-01-07 00:00:00

USN-2994-1 libxml2 vulnerabilities | Cloud Foundry

2016-06-13 00:00:00

ubuntu

libxml2 vulnerabilities

2015-12-14 00:00:00

libxml2 vulnerabilities

2016-06-06 00:00:00

libxml2 vulnerabilities

2015-11-16 00:00:00

symantec

SA129 : Multiple libxml2 Vulnerabilities

2016-09-01 08:00:00

mageia

Updated libxml2 packages fix security vulnerability

2016-07-27 00:59:16

Updated libxml2 packages fix security vulnerabilities

2015-11-26 23:47:39

ubuntucve

CVE-2015-7942

2015-10-23 00:00:00

nvd

CVE-2015-7942

2015-11-18 16:59:06

CVE-2015-5312

2015-12-15 21:59:00

cvelist

CVE-2015-7942

2015-11-18 16:00:00

debiancve

CVE-2015-7942

2015-11-18 16:59:06

prion

Out-of-bounds

2015-11-18 16:59:00

cve

CVE-2015-7942

2015-11-18 16:59:06

github

Nokogiri subject to DoS via libxml2 vulnerability

2018-08-21 19:03:04

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

6.6

Confidence

Low

EPSS

0.046

Percentile

92.7%

JSON

Related for OSV:CVE-2021-3516