Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2021-3517

Public on 2021-05-19
Modified on 2024-03-01
Description

There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Severity
Medium
See what this means
CVSS v3 Base Score
8.6
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 - Core java-11-amazon-corretto 2021-10-28 23:20 ALAS2-2021-1718
Amazon Linux 1 libxml2 2023-04-27 16:19 ALAS-2023-1743
Amazon Linux 2 - Core libxml2 2021-06-16 20:37 ALAS2-2021-1662
Amazon Linux 2 - Corretto8 Extra java-1.8.0-amazon-corretto 2024-05-23 23:02 ALAS2CORRETTO8-2024-012

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
NVD CVSSv2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P
NVD CVSSv3 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H