CVE-2021-3518

Public on 2021-05-18
Modified on 2024-03-01
Description
There's a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
Severity
Medium severity
Medium
CVSS v3 Base Score
8.6
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 libxml2 2023-04-27 ALAS-2023-1743 Fixed
Amazon Linux 2 - Core libxml2 2021-07-01 ALAS2-2021-1677 Fixed
Amazon Linux 2023 libxml2 Not Affected

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
NVD CVSSv2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P
NVD CVSSv3 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H