Description
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
References (9)
Core 9
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1954225
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202107-05
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2022.html
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
Patch, Third Party Advisory x_refsource_misc
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210716-0005/
Scores
CVSS v3
7.8
EPSS
0.0036
EPSS Percentile
58.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (12)
debian/debian_linux
9.0
fedoraproject/fedora
33
fedoraproject/fedora
34
netapp/clustered_data_ontap
netapp/clustered_data_ontap_antivirus_connector
netapp/ontap_select_deploy_administration_utility
oracle/zfs_storage_appliance_kit
8.8
redhat/enterprise_linux
6.0
redhat/enterprise_linux
7.0
redhat/enterprise_linux
8.0
... and 2 more
Published
Jun 01, 2021
Tracked Since
Feb 18, 2026