PT-2021-3131 · Libxml2+9

Published: 2021-05-13 · Updated: 2026-03-13 · CVE-2021-3541

CVSS v3.1: 8.6 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions

libxml2 (affected versions not specified)

Description

A flaw was found in libxml2, allowing for an exponential entity expansion attack that can bypass existing protection mechanisms, leading to a denial of service. The vulnerability is related to insufficient input data validation, which can be exploited by a remote attacker to cause a denial of service by sending specially crafted input data to the application.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

XML Entity Expansion

RCE


Weakness Enumeration

Related Identifiers

ALSA-2021:2569
ALT-PU-2021-2057
ALT-PU-2021-2997
ALT-PU-2021-3332
ALT-PU-2023-4266
ALT-PU-2024-7812
BDU:2021-02772
CESA-2021_2569
CVE-2021-3541
DLA-2669-1
GHSA-7RRM-V45F-JP64
MGASA-2021-0232
MGASA-2022-0050
OESA-2021-1222
OPENSUSE-SU-2021:0886-1
OPENSUSE-SU-2021:1917-1
OPENSUSE-SU-2021_0886-1
OPENSUSE-SU-2021_1917-1
OPENSUSE-SU-2024:11016-1
OPENSUSE-SU-2024:11340-1
OPENSUSE-SU-2024:11745-1
OPENSUSE-SU-2024:11912-1
OPENSUSE-SU-2024:13165-1
OPENSUSE-SU-2024:14174-1
OPENSUSE-SU-2025:14697-1
OPENSUSE-SU-2026:10356-1
RHSA-2021:2569
RHSA-2021_2569
RHSA-2022:1389
RLSA-2021:2569
SUSE-SU-2021:1917-1
SUSE-SU-2021:2016-1
SUSE-SU-2021_1917-1
SUSE-SU-2021_2016-1
SUSE-SU-2023:2048-1
SUSE-SU-2023_2048-1
USN-4991-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu
Libxml2