First published: Thu Apr 22 2021
libxml2. This issue was addressed with improved checks.
Credit: CVE-2021-3518 secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
rubygems/nokogiri | <1.11.4 | 1.11.4 |
redhat/jbcs-httpd24-apr-util | <0:1.6.1-91.el8 | 0:1.6.1-91.el8 |
redhat/jbcs-httpd24-curl | <0:7.78.0-3.el8 | 0:7.78.0-3.el8 |
redhat/jbcs-httpd24-httpd | <0:2.4.37-80.el8 | 0:2.4.37-80.el8 |
redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-41.el8 | 0:1.39.2-41.el8 |
redhat/jbcs-httpd24-openssl | <1:1.1.1g-11.el8 | 1:1.1.1g-11.el8 |
redhat/jbcs-httpd24-openssl-chil | <0:1.0.0-11.el8 | 0:1.0.0-11.el8 |
redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-26.el8 | 0:0.4.10-26.el8 |
redhat/jbcs-httpd24-apr-util | <0:1.6.1-91.jbcs.el7 | 0:1.6.1-91.jbcs.el7 |
redhat/jbcs-httpd24-curl | <0:7.78.0-3.jbcs.el7 | 0:7.78.0-3.jbcs.el7 |
redhat/jbcs-httpd24-httpd | <0:2.4.37-80.jbcs.el7 | 0:2.4.37-80.jbcs.el7 |
redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-41.jbcs.el7 | 0:1.39.2-41.jbcs.el7 |
redhat/jbcs-httpd24-openssl | <1:1.1.1g-11.jbcs.el7 | 1:1.1.1g-11.jbcs.el7 |
redhat/jbcs-httpd24-openssl-chil | <0:1.0.0-11.jbcs.el7 | 0:1.0.0-11.jbcs.el7 |
redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-26.jbcs.el7 | 0:0.4.10-26.jbcs.el7 |
redhat/libxml2 | <0:2.9.7-9.el8_4.2 | 0:2.9.7-9.el8_4.2 |
Apple macOS Big Sur | <11.5 | 11.5 |
Apple watchOS | <7.6 | 7.6 |
Apple tvOS | <14.7 | 14.7 |
redhat/libxml2 | <2.9.11 | 2.9.11 |
Xmlsoft Libxml2 | <2.9.11 | |
Debian Debian Linux | =9.0 | |
Redhat Jboss Core Services | | |
Redhat Enterprise Linux | =8.0 | |
Fedoraproject Fedora | =33 | |
Fedoraproject Fedora | =34 | |
Netapp Active Iq Unified Manager Vmware Vsphere | | |
NetApp Clustered Data ONTAP | | |
Netapp Clustered Data Ontap Antivirus Connector | | |
Netapp Manageability Software Development Kit | | |
NetApp ONTAP Select Deploy administration utility | | |
Netapp Snapdrive Windows | | |
Netapp Hci H410c Firmware | | |
Netapp Hci H410c | | |
Oracle Communications Cloud Native Core Network Function Cloud Native Environment | =1.10.0 | |
Oracle Enterprise Manager Base Platform | =13.4.0.0 | |
Oracle Enterprise Manager Base Platform | =13.5.0.0 | |
Oracle Enterprise Manager Ops Center | =12.4.0.0 | |
Oracle Mysql Workbench | <=8.0.26 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
Oracle Real User Experience Insight | =13.4.1.0 | |
Oracle Real User Experience Insight | =13.5.1.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.2.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.1.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.0.0 | |
CVE-2021-3518 is a vulnerability in libxml2 before version 2.9.11 that allows an attacker to trigger a use-after-free by submitting a crafted file to an application linked with libxml2.
The greatest impact of CVE-2021-3518 is to the confidentiality, integrity, and availability of the affected system.
CVE-2021-3518 affects Apple watchOS before version 7.6, Apple tvOS before version 14.7, Apple macOS Big Sur before version 11.5, and various packages from Red Hat.
To fix CVE-2021-3518, update to libxml2 version 2.9.11 or later for Apple products, and apply the relevant patches or updates for Red Hat packages.
You can find more information about CVE-2021-3518 on the Apple support website at the provided reference links.