6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.004 Low
EPSS
Percentile
74.0%
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability
in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been
fixed in commit 50f06b3e.
Author | Note |
---|---|
mdeslaur | only affects xmllint contrary to description, not fixed in 8e7c20a1 |
ccdm94 | According to upstream, 50f06b3e is only a partial fix. Commit bf22713507 must be included in order to achieve a complete fix. Commit bf22713507, however, seems to have introduced an issue (see 237), fixed by 1098c30a04, which in turn seems to be the fix for CVE-2021-3518. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | libxml2 | < 2.9.4+dfsg1-6.1ubuntu1.4 | UNKNOWN |
ubuntu | 20.04 | noarch | libxml2 | < 2.9.10+dfsg-5ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 20.10 | noarch | libxml2 | < 2.9.10+dfsg-5ubuntu0.20.10.2 | UNKNOWN |
ubuntu | 14.04 | noarch | libxml2 | < 2.9.1+dfsg1-3ubuntu4.13+esm2 | UNKNOWN |
ubuntu | 16.04 | noarch | libxml2 | < 2.9.3+dfsg1-1ubuntu0.7+esm1 | UNKNOWN |
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.004 Low
EPSS
Percentile
74.0%