CVE-2021-3518

Public on 2021-05-18
Modified on 2024-03-01
Description

There's a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Severity
Medium
See what this means
CVSS v3 Base Score
8.6
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 libxml2 2023-05-03 ALAS-2023-1743
Amazon Linux 2 - Core libxml2 2021-07-02 ALAS2-2021-1677

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
NVD CVSSv2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P
NVD CVSSv3 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2021-3518 Mitre: CVE-2021-3518