PT-2021-4592 · Libxml2+11

Published: 2021-04-22 · Updated: 2026-03-13 · CVE-2021-3517

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions

libxml2 versions prior to 2.9.11
Nokogiri versions prior to 1.11.4

Description

The issue is related to a flaw in the XML entity encoding functionality, which could trigger an out-of-bounds read if a crafted file is processed by an application linked with the affected functionality. This could impact application availability, with potential effects on confidentiality and integrity if an attacker uses memory information to further exploit the application.

Recommendations

For libxml2 versions prior to 2.9.11, update to version 2.9.11 or later to address the issue. For Nokogiri versions prior to 1.11.4, update to version 1.11.4 or later, which includes an updated version of libxml2 that addresses this vulnerability.

Exploit

Fix

DoS

Out of bounds Read

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2021:2569
ALSA-2021_2569
ALSA-2025_16880
ALT-PU-2021-2057
ALT-PU-2021-2997
ALT-PU-2021-3332
ALT-PU-2023-4266
ALT-PU-2024-7812
BDU:2021-05274
CESA-2021_2569
CVE-2021-3517
DLA-2653-1
GHSA-JW9F-HH49-CVP9
MGASA-2021-0213
MGASA-2022-0050
OESA-2021-1202
OPENSUSE-SU-2021:0692-1
OPENSUSE-SU-2021:0764-1
OPENSUSE-SU-2021_0692-1
OPENSUSE-SU-2021_0764-1
OPENSUSE-SU-2024:11016-1
OPENSUSE-SU-2024:11340-1
OPENSUSE-SU-2024:11745-1
OPENSUSE-SU-2024:11912-1
OPENSUSE-SU-2024:13165-1
OPENSUSE-SU-2024:14174-1
OPENSUSE-SU-2025:14697-1
OPENSUSE-SU-2026:10356-1
RHSA-2021:2569
RHSA-2021_2569
RHSA-2022:1389
RLSA-2021:2569
SUSE-SU-2021:14729-1
SUSE-SU-2021:1523-1
SUSE-SU-2021:1524-1
SUSE-SU-2021:1654-1
SUSE-SU-2021:1658-1
SUSE-SU-2021_14729-1
USN-4991-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Java Platform
Linux Mint
Nokogiri
Red Hat
Rocky Linux
SUSE
Ubuntu
libxml2