CVE-2021-3518 vulnerability in Xmlsoft and Other Products
Published on May 18, 2021

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Github Repository Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2021-3518 has been classified to as a Dangling pointer vulnerability or weakness.

Products Associated with CVE-2021-3518

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-3518 are published in these products:

Xmlsoft Libxml2

Debian Linux

Fedora Project Fedora

Red Hat Jboss Core Services

Red Hat Enterprise Linux (RHEL)

Canonical Ubuntu Linux

NetApp Active Iq Unified Manager

NetApp Clustered Data Ontap

NetApp Clustered Data Ontap Antivirus Connector

NetApp Manageability Software Development Kit

NetApp Ontap Select Deploy Administration Utility

NetApp Snapdrive

Oracle Enterprise Manager Ops Center

Oracle Mysql Workbench

Oracle Real User Experience Insight

Oracle Peoplesoft Enterprise Peopletools

Oracle Enterprise Manager Base Platform

Oracle Communications Cloud Native Core Network Function Cloud Native Environment

Vulnerable Packages

The following package name and versions may be associated with CVE-2021-3518

Package Manager	Vulnerable Package	Versions	Fixed In
rubygems	nokogiri	< 1.11.4	1.11.4

Exploit Probability

EPSS

0.23%

Percentile

45.58%