CVE-2021-3537 vulnerability in Xmlsoft and Other Products
Published on May 14, 2021

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

Github Repository Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.

Products Associated with CVE-2021-3537

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-3537 are published in these products:

Xmlsoft Libxml2

Red Hat Jboss Core Services

Red Hat Enterprise Linux (RHEL)

Debian Linux

Fedora Project Fedora

Canonical Ubuntu Linux

NetApp Active Iq Unified Manager

NetApp Clustered Data Ontap

NetApp Clustered Data Ontap Antivirus Connector

NetApp Manageability Software Development Kit

NetApp Ontap Select Deploy Administration Utility

NetApp Snapdrive

Oracle Enterprise Manager Ops Center

Oracle Mysql Workbench

Oracle Jdk

Oracle Real User Experience Insight

Oracle Peoplesoft Enterprise Peopletools

Oracle Enterprise Manager Base Platform

Oracle Communications Cloud Native Core Network Function Cloud Native Environment

Vulnerable Packages

The following package name and versions may be associated with CVE-2021-3537

Package Manager	Vulnerable Package	Versions	Fixed In
rubygems	nokogiri	< 1.11.4	1.11.4

Exploit Probability

EPSS

0.10%

Percentile

28.34%