There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
AV:N/AC:M/Au:N/C:P/I:P/A:P
| Access Vector | NETWORK |
|---|---|
| Access Complexity | MEDIUM |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary | CWE-416 (en) |
| [email protected] | Primary | CWE-416 (en) |
| Vendor | Product | Version | Type |
|---|---|---|---|
| xmlsoft | libxml2 | * | Application |
| debian | debian_linux | 9.0 | Operating System |
| redhat | jboss_core_services | - | Application |
| redhat | enterprise_linux | 8.0 | Operating System |
| fedoraproject | fedora | 33 | Operating System |
| fedoraproject | fedora | 34 | Operating System |
| netapp | active_iq_unified_manager | - | Application |
| netapp | clustered_data_ontap | - | Application |
| netapp | clustered_data_ontap_antivirus_connector | - | Application |
| netapp | manageability_software_development_kit | - | Application |
| netapp | ontap_select_deploy_administration_utility | - | Application |
| netapp | snapdrive | - | Application |
| netapp | hci_h410c_firmware | - | Operating System |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 1.10.0 | Application |
| oracle | enterprise_manager_base_platform | 13.4.0.0 | Application |
| oracle | enterprise_manager_base_platform | 13.5.0.0 | Application |
| oracle | enterprise_manager_ops_center | 12.4.0.0 | Application |
| oracle | mysql_workbench | * | Application |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | Application |
| oracle | real_user_experience_insight | 13.4.1.0 | Application |
| oracle | real_user_experience_insight | 13.5.1.0 | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
| Yes | cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:* |