CVE-2021-3516: Use After Free

Published Apr 21, 2021
·
Updated

An use-after-free was found in xmllint when used with --html and --push options when processing crafted files.

Reference: https://gitlab.gnome.org/GNOME/libxml2/-/issues/230

Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539

Other sources

libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in xmlEncodeEntitiesInternal() in entities.c. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

IBM

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

There's a flaw in libxml2's xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

Affected Software

29 affected componentsFixes available
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8
0:1.6.1-91.el8
redhat/jbcs-httpd24-curl<0:7.78.0-3.el8
0:7.78.0-3.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8
0:2.4.37-80.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8
0:1.39.2-41.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-11.el8
1:1.1.1g-11.el8
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-11.el8
0:1.0.0-11.el8
redhat/jbcs-httpd24-openssl-pkcs11<0:0.4.10-26.el8
0:0.4.10-26.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.jbcs.el7
0:1.6.1-91.jbcs.el7
redhat/jbcs-httpd24-curl<0:7.78.0-3.jbcs.el7
0:7.78.0-3.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-80.jbcs.el7
0:2.4.37-80.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.jbcs.el7
0:1.39.2-41.jbcs.el7
redhat/jbcs-httpd24-openssl<1:1.1.1g-11.jbcs.el7
1:1.1.1g-11.jbcs.el7
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-11.jbcs.el7
0:1.0.0-11.jbcs.el7
redhat/jbcs-httpd24-openssl-pkcs11<0:0.4.10-26.jbcs.el7
0:0.4.10-26.jbcs.el7
redhat/libxml2<0:2.9.7-9.el8_4.2
0:2.9.7-9.el8_4.2
redhat/libxml2<2.9.11
2.9.11
IBM Security Verify Access<=10.0.0
Xmlsoft Xmllint<2.9.11
Debian Debian Linux=9.0
Fedoraproject Fedora=33
Fedoraproject Fedora=34
redhat JBoss Core Services
redhat Enterprise Linux=6.0
redhat Enterprise Linux=7.0
redhat Enterprise Linux=8.0
NetApp Clustered Data ONTAP
NetApp Clustered Data Ontap Antivirus Connector
NetApp ONTAP Select Deploy administration utility
Oracle ZFS Storage Appliance Kit=8.8

Remediation

Patch Available

https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539

Patch Available

https://www.oracle.com/security-alerts/cpujan2022.html

Information

This flaw can be mitigated by not using xmllint with the --html and --push options together.

Event History

Apr 21, 2021
CVE Published
12:00 AM
Apr 27, 2021
Data Sourced
via Red Hat·06:45 PM
DescriptionSeverityAffected Software
Jun 1, 2021
CVE Published
via MITRE·01:38 PM
Data Sourced
via MITRE·01:38 PM
DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the vulnerability ID for this flaw in libxml2's xmllint?

The vulnerability ID for this flaw in libxml2's xmllint is CVE-2021-3516.

2

What is the severity of CVE-2021-3516?

The severity of CVE-2021-3516 is high, with a severity value of 7.8.

3

How does CVE-2021-3516 impact the system?

CVE-2021-3516 allows a remote attacker to execute arbitrary code on the system.

4

What is the affected software for CVE-2021-3516?

The affected software for CVE-2021-3516 includes libxml2 version up to 2.9.11, jbcs-httpd24-apr-util version up to 0:1.6.1-91.el8, jbcs-httpd24-curl version up to 0:7.78.0-3.el8, jbcs-httpd24-httpd version up to 0:2.4.37-80.el8, jbcs-httpd24-nghttp2 version up to 0:1.39.2-41.el8, jbcs-httpd24-openssl version up to 1:1.1.1g-11.el8, jbcs-httpd24-openssl-chil version up to 0:1.0.0-11.el8, jbcs-httpd24-openssl-pkcs11 version up to 0:0.4.10-26.el8, jbcs-httpd24-apr-util version up to 0:1.6.1-91.jbcs.el7, jbcs-httpd24-curl version up to 0:7.78.0-3.jbcs.el7, jbcs-httpd24-httpd version up to 0:2.4.37-80.jbcs.el7, jbcs-httpd24-nghttp2 version up to 0:1.39.2-41.jbcs.el7, jbcs-httpd24-openssl version up to 1:1.1.1g-11.jbcs.el7, jbcs-httpd24-openssl-chil version up to 0:1.0.0-11.jbcs.el7, libxml2 version up to 0:2.9.7-9.el8_4.2, IBM Security Verify Access up to version 10.0.0, Xmlsoft Xmllint up to version 2.9.11, Debian Debian Linux version 9.0, Fedoraproject Fedora versions 33 and 34, Microsoft .NET 7.0, Redhat Enterprise Linux versions 6.0, 7.0, and 8.0, NetApp Clustered Data ONTAP, Netapp Clustered Data Ontap Antivirus Connector, NetApp ONTAP Select Deploy administration utility, and Oracle ZFS Storage Appliance Kit version 8.8.

5

How can I fix the vulnerability in libxml2's xmllint (CVE-2021-3516)?

To fix the vulnerability in libxml2's xmllint (CVE-2021-3516), it is recommended to update to version 2.9.11 or apply the appropriate patch provided by the software vendor.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203