PT-2021-4589 · Libxml2+9

Published: 2021-04-30 · Updated: 2026-03-13 · CVE-2021-3537

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libxml2 versions prior to 2.9.11

Description

The issue is related to the libxml2 library's parser component, which fails to propagate errors when parsing XML content. This can be exploited by a remote attacker using a specially crafted XML document to cause a denial of service. The vulnerability can lead to a NULL dereference, potentially crashing the application if an untrusted XML document is parsed in recovery mode and post-validated. The highest threat from this vulnerability is to system availability.

Recommendations

For libxml2 versions prior to 2.9.11, update to version 2.9.11 or later to resolve the issue. As a temporary workaround, consider restricting the parsing of untrusted XML documents to minimize the risk of exploitation. Avoid using the library's recovery mode and post-validation for untrusted XML documents until the issue is resolved.

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2021:2569
ALSA-2025_16880
ALT-PU-2021-2057
ALT-PU-2021-2997
ALT-PU-2021-3332
ALT-PU-2023-4266
ALT-PU-2024-7812
BDU:2021-05268
CESA-2021_2569
CVE-2021-3537
DLA-2653-1
GHSA-286V-PCF5-25RC
MGASA-2021-0213
OESA-2021-1202
OPENSUSE-SU-2021:0764-1
OPENSUSE-SU-2021_0764-1
OPENSUSE-SU-2024:11016-1
OPENSUSE-SU-2024:11340-1
OPENSUSE-SU-2024:11912-1
OPENSUSE-SU-2024:13165-1
OPENSUSE-SU-2024:14174-1
OPENSUSE-SU-2025:14697-1
OPENSUSE-SU-2026:10356-1
RHSA-2021:2569
RHSA-2021_2569
RHSA-2022:1389
RLSA-2021:2569
SUSE-SU-2021:14729-1
SUSE-SU-2021:1654-1
SUSE-SU-2021:1658-1
SUSE-SU-2021_14729-1
USN-4991-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu
libxml2