A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
Una vulnerabilidad encontrada en libxml2 en versiones anteriores a 2.9.11 muestra que no propagó errores al analizar el contenido mixto XML, causando una desreferencia de NULL. Si un documento XML que no es confiable fue analizado en modo de recuperación y pos-comprobado, el fallo podría usarse para bloquear la aplicación. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | HIGH |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
AV:N/AC:M/Au:N/C:N/I:N/A:P
| Access Vector | NETWORK |
|---|---|
| Access Complexity | MEDIUM |
| Authentication | NONE |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-476
|
| [email protected] | Primary |
en
CWE-476
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| xmlsoft | libxml2 | * | <built-in method update of dict object at 0x72a9b0aa4200> | Application |
| redhat | jboss_core_services | - | <built-in method update of dict object at 0x72a9cc678e40> | Application |
| redhat | enterprise_linux | 6.0 | <built-in method update of dict object at 0x72a9cd084340> | Operating System |
| redhat | enterprise_linux | 7.0 | <built-in method update of dict object at 0x72a9b0aa5dc0> | Operating System |
| redhat | enterprise_linux | 8.0 | <built-in method update of dict object at 0x72a9b0aa5280> | Operating System |
| debian | debian_linux | 9.0 | <built-in method update of dict object at 0x72a9b0b3bd80> | Operating System |
| fedoraproject | fedora | 33 | <built-in method update of dict object at 0x72a9cc67bd80> | Operating System |
| fedoraproject | fedora | 34 | <built-in method update of dict object at 0x72a9cc67a280> | Operating System |
| netapp | active_iq_unified_manager | - | <built-in method update of dict object at 0x72a9cc774c00> | Application |
| netapp | clustered_data_ontap | - | <built-in method update of dict object at 0x72a9b0aa6940> | Application |
| netapp | clustered_data_ontap_antivirus_connector | - | <built-in method update of dict object at 0x72a9cd086780> | Application |
| netapp | manageability_software_development_kit | - | <built-in method update of dict object at 0x72a9cc67a500> | Application |
| netapp | ontap_select_deploy_administration_utility | - | <built-in method update of dict object at 0x72a9cc774880> | Application |
| netapp | snapdrive | - | <built-in method update of dict object at 0x72a9cdf31780> | Application |
| netapp | hci_h410c_firmware | - | <built-in method update of dict object at 0x72a9cc679a40> | Operating System |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 1.10.0 | <built-in method update of dict object at 0x72a9ccd2a400> | Application |
| oracle | enterprise_manager_base_platform | 13.4.0.0 | <built-in method update of dict object at 0x72a9b0b3a0c0> | Application |
| oracle | enterprise_manager_base_platform | 13.5.0.0 | <built-in method update of dict object at 0x72a9cc774b00> | Application |
| oracle | enterprise_manager_ops_center | 12.4.0.0 | <built-in method update of dict object at 0x72a9ccd2b9c0> | Application |
| oracle | mysql_workbench | * | <built-in method update of dict object at 0x72a9cc777540> | Application |
| oracle | openjdk | 8 | <built-in method update of dict object at 0x72a9cc679c00> | Application |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | <built-in method update of dict object at 0x72a9cc67b4c0> | Application |
| oracle | real_user_experience_insight | 13.4.1.0 | <built-in method update of dict object at 0x72a9cd08c040> | Application |
| oracle | real_user_experience_insight | 13.5.1.0 | <built-in method update of dict object at 0x72a9ccd29f00> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
| Yes | cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:* |