CVE-2021-3537 - Xmlsoft Libxml2, Debian Debian Linux and Redhat Jboss Core Services

May 14, 2021

Moderate 5.9

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

Affected software

Xmlsoft Libxml2

Debian Debian Linux

Redhat Jboss Core Services

Redhat Enterprise Linux

Fedoraproject Fedora

Reference links

https://bugzilla.redhat.com/show_bug.cgi?id=1956522
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

CVE-2021-3537 - Xmlsoft Libxml2, Debian Debian Linux and Redhat Jboss Core Services

Affected software

Reference links

Get alerted to vulnerabilities in your software