CVE-2021-3517 (CNNVD-202105-234)
HIGH
中文标题:
libxml2 缓冲区错误漏洞
英文标题:
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An at...
CVSS分数:
8.6
发布时间:
2021-05-19 13:45:00
漏洞类型:
缓冲区错误
状态:
PUBLISHED
数据质量分数:
0.30
数据版本:
v3
漏洞描述
中文描述:
libxml2是开源的一个用来解析XML文档的函数库。它用C语言写成,并且能为多种语言所调用,例如C语言,C++,XSH。 libxml2 中entities.c存在缓冲区错误漏洞,该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。
英文描述:
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
CWE类型:
CWE-787
标签:
(暂无数据)
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| xmlsoft | libxml2 | * | - | - |
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
|
| redhat | jboss_core_services | - | - | - |
cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
|
| redhat | enterprise_linux | 8.0 | - | - |
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
|
| fedoraproject | fedora | 33 | - | - |
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
|
| fedoraproject | fedora | 34 | - | - |
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
|
| debian | debian_linux | 9.0 | - | - |
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
|
| netapp | active_iq_unified_manager | - | - | - |
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
|
| netapp | clustered_data_ontap | - | - | - |
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
|
| netapp | clustered_data_ontap_antivirus_connector | - | - | - |
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
|
| netapp | e-series_santricity_os_controller | * | - | - |
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
|
| netapp | e-series_santricity_storage_manager | - | - | - |
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
|
| netapp | e-series_santricity_web_services | - | - | - |
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
|
| netapp | hci_management_node | - | - | - |
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
|
| netapp | manageability_software_development_kit | - | - | - |
cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
|
| netapp | oncommand_insight | - | - | - |
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
|
| netapp | oncommand_workflow_automation | - | - | - |
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
|
| netapp | ontap_select_deploy_administration_utility | - | - | - |
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
|
| netapp | santricity_unified_manager | - | - | - |
cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
|
| netapp | snapdrive | - | - | - |
cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*
|
| netapp | snapmanager | - | - | - |
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
|
| netapp | solidfire | - | - | - |
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
|
| netapp | hci_h410c_firmware | - | - | - |
cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*
|
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 1.10.0 | - | - |
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
|
| oracle | enterprise_manager_base_platform | 13.4.0.0 | - | - |
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
|
| oracle | enterprise_manager_base_platform | 13.5.0.0 | - | - |
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
|
| oracle | mysql_workbench | * | - | - |
cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
|
| oracle | openjdk | 8 | - | - |
cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*
|
| oracle | peoplesoft_enterprise_peopletools | 8.58 | - | - |
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
|
| oracle | real_user_experience_insight | 13.4.1.0 | - | - |
cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*
|
| oracle | real_user_experience_insight | 13.5.1.0 | - | - |
cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*
|
| oracle | zfs_storage_appliance_kit | 8.8 | - | - |
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
FEDORA-2021-e3ed1ba38b
vendor-advisory
cve.org
访问
cve.org
[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update
mailing-list
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
FEDORA-2021-b950000d2b
vendor-advisory
cve.org
访问
cve.org
[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
mailing-list
cve.org
访问
cve.org
[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
mailing-list
cve.org
访问
cve.org
GLSA-202107-05
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
CVSS评分详情
8.6
HIGH
CVSS向量:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CVSS版本:
3.1
机密性
LOW
完整性
LOW
可用性
HIGH
时间信息
发布时间:
2021-05-19 13:45:00
修改时间:
2024-08-03 16:53:17
创建时间:
2025-11-11 15:36:55
更新时间:
2025-11-11 15:56:45
利用信息
暂无可利用代码信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2021-3517 |
2025-11-11 15:21:05 | 2025-11-11 07:36:55 |
| NVD | nvd_CVE-2021-3517 |
2025-11-11 14:57:37 | 2025-11-11 07:45:14 |
| CNNVD | cnnvd_CNNVD-202105-234 |
2025-11-11 15:10:38 | 2025-11-11 07:56:45 |
版本与语言
当前版本:
v3
主要语言:
EN
支持语言:
EN
ZH
安全公告
暂无安全公告信息
变更历史
v3
CNNVD
2025-11-11 15:56:45
vulnerability_type: 未提取 → 缓冲区错误; cnnvd_id: 未提取 → CNNVD-202105-234; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 缓冲区错误
- cnnvd_id: 未提取 -> CNNVD-202105-234
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:45:14
severity: SeverityLevel.MEDIUM → SeverityLevel.HIGH; cvss_score: 未提取 → 8.6; cvss_vector: NOT_EXTRACTED → CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H; cvss_version: NOT_EXTRACTED → 3.1; affected_products_count: 0 → 31; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
- cvss_score: 未提取 -> 8.6
- cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
- cvss_version: NOT_EXTRACTED -> 3.1
- affected_products_count: 0 -> 31
- data_sources: ['cve'] -> ['cve', 'nvd']