CVE-2021-3537
- Source
- https://cve.org/CVERecord?id=CVE-2021-3537
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3537.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-3537
- Aliases
- Downstream
- Related
- Published
- 2021-05-14T20:15:16.553Z
- Modified
- 2026-03-15T22:42:22.287156Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
- https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
- https://security.gentoo.org/glsa/202107-05
- https://security.netapp.com/advisory/ntap-20210625-0002/
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1956522
Affected packages
Git / github.com/gnome/libxml2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gnome/libxml2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "2.9.11" }, { "introduced": "0" }, { "last_affected": "6.0" } ] }
Affected versions
Other
CVE-2013-2877
CVE-2014-0191
CVE-2014-3660
CVE-2015-1819
CVE-2015-5312
CVE-2015-7497
CVE-2015-7498
CVE-2015-7499-1
CVE-2015-7499-2
CVE-2015-7500
CVE-2015-7941_1
CVE-2015-7941_2
CVE-2015-7942
CVE-2015-7942-2
CVE-2015-8035
CVE-2015-8242
CVE-2015-8317
CVE-2016-1762
CVE-2016-1833
CVE-2016-1834
CVE-2016-1835
CVE-2016-1836
CVE-2016-1837
CVE-2016-1838
CVE-2016-1839
CVE-2016-1840
CVE-2016-3627
CVE-2016-3705
CVE-2016-4449
CVE-2016-4483
CVE-2021-3541
EAZEL-NAUTILUS-MS-AUG07
FOR_GNOME_0_99_1
GNOME_0_30
GNOME_PRINT_0_24
GNUMERIC_FIRST_PUBLIC_RELEASE
LIBXML2_2_4_21
LIBXML2_2_5_0
LIBXML2_2_5_10
LIBXML2_2_5_7
LIBXML2_2_5_8
LIBXML2_2_5_9
LIBXML2_2_5_x
LIBXML2_2_6_1
LIBXML2_2_6_11
LIBXML2_2_6_12
LIBXML2_2_6_13
LIBXML2_2_6_14
LIBXML2_2_6_15
LIBXML2_2_6_16
LIBXML2_2_6_18
LIBXML2_2_6_19
LIBXML2_2_6_2
LIBXML2_2_6_20
LIBXML2_2_6_21
LIBXML2_2_6_22
LIBXML2_2_6_23
LIBXML2_2_6_24
LIBXML2_2_6_26
LIBXML2_2_6_27
LIBXML2_2_6_28
LIBXML2_2_6_3
LIBXML2_2_6_4
LIBXML2_2_6_5
LIBXML2_2_6_6
LIBXML2_2_6_7
LIBXML2_2_6_8
LIBXML2_2_6_9
LIBXML2_6_0
LIBXML_0_99
LIBXML_1_5_0
LIBXML_1_8_5
LIBXML_1_8_6
LIBXML_2_0_0
LIBXML_2_1_0
LIBXML_2_1_1
LIBXML_2_2_1
LIBXML_2_2_3
LIBXML_2_2_4
LIBXML_2_2_6
LIBXML_2_2_7
LIBXML_2_2_8
LIBXML_2_3_0
LIBXML_2_3_10
LIBXML_2_3_11
LIBXML_2_3_12
LIBXML_2_3_13
LIBXML_2_3_14
LIBXML_2_3_2
LIBXML_2_3_3
LIBXML_2_3_4
LIBXML_2_3_5
LIBXML_2_3_6
LIBXML_2_3_7
LIBXML_2_3_8
LIBXML_2_3_9
LIBXML_2_4_0
LIBXML_2_4_11
LIBXML_2_4_12
LIBXML_2_4_13
LIBXML_2_4_14
LIBXML_2_4_16
LIBXML_2_4_18
LIBXML_2_4_2
LIBXML_2_4_20
LIBXML_2_4_22
LIBXML_2_4_23
LIBXML_2_4_24
LIBXML_2_4_25
LIBXML_2_4_26
LIBXML_2_4_27
LIBXML_2_4_29
LIBXML_2_4_3
LIBXML_2_4_30
LIBXML_2_4_4
LIBXML_2_4_6
LIBXML_2_4_7
LIBXML_2_5_1
LIBXML_2_5_2
LIBXML_2_5_3
LIBXML_2_5_4
LIBXML_2_5_5
LIBXML_2_5_6
LIBXML_2_6_10
LIBXML_TEST_2_0_0
LIB_XML_1_1
LIB_XML_1_3
LIB_XML_1_4
LIB_XML_1_6_1
LIB_XML_1_6_2
LIB_XML_1_7_0
LIB_XML_1_7_1
LIB_XML_1_7_3
LIB_XML_1_8_3
LIB_XML_1_X
PRE_MUCKUP
PRE_MUCKUP2
PRE_MUCKUP3
help
jdk7-b100
jdk7-b101
jdk7-b102
jdk7-b103
jdk7-b104
jdk7-b105
jdk7-b106
jdk7-b107
jdk7-b108
jdk7-b109
jdk7-b110
jdk7-b111
jdk7-b112
jdk7-b113
jdk7-b114
jdk7-b115
jdk7-b116
jdk7-b117
jdk7-b118
jdk7-b119
jdk7-b120
jdk7-b121
jdk7-b122
jdk7-b123
jdk7-b124
jdk7-b125
jdk7-b126
jdk7-b127
jdk7-b128
jdk7-b129
jdk7-b130
jdk7-b131
jdk7-b132
jdk7-b133
jdk7-b134
jdk7-b135
jdk7-b136
jdk7-b137
jdk7-b138
jdk7-b139
jdk7-b140
jdk7-b141
jdk7-b142
jdk7-b143
jdk7-b144
jdk7-b145
jdk7-b146
jdk7-b147
jdk7-b24
jdk7-b25
jdk7-b26
jdk7-b27
jdk7-b28
jdk7-b29
jdk7-b30
jdk7-b31
jdk7-b32
jdk7-b33
jdk7-b34
jdk7-b35
jdk7-b36
jdk7-b37
jdk7-b38
jdk7-b39
jdk7-b40
jdk7-b41
jdk7-b42
jdk7-b43
jdk7-b44
jdk7-b45
jdk7-b46
jdk7-b47
jdk7-b48
jdk7-b49
jdk7-b50
jdk7-b51
jdk7-b52
jdk7-b53
jdk7-b54
jdk7-b55
jdk7-b56
jdk7-b57
jdk7-b58
jdk7-b59
jdk7-b60
jdk7-b61
jdk7-b62
jdk7-b63
jdk7-b64
jdk7-b65
jdk7-b66
jdk7-b67
jdk7-b68
jdk7-b69
jdk7-b70
jdk7-b71
jdk7-b72
jdk7-b73
jdk7-b74
jdk7-b75
jdk7-b76
jdk7-b77
jdk7-b78
jdk7-b79
jdk7-b80
jdk7-b81
jdk7-b82
jdk7-b83
jdk7-b84
jdk7-b85
jdk7-b86
jdk7-b87
jdk7-b88
jdk7-b89
jdk7-b90
jdk7-b91
jdk7-b92
jdk7-b93
jdk7-b94
jdk7-b95
jdk7-b96
jdk7-b97
jdk7-b98
jdk7-b99
jdk8-b01
jdk8-b02
jdk8-b03
jdk8-b04
jdk8-b05
jdk8-b06
jdk8-b07
jdk8-b08
jdk8-b09
jdk8-b10
jdk8-b11
jdk8-b12
jdk8-b13
jdk8-b14
jdk8-b15
jdk8-b16
jdk8-b17
jdk8-b18
jdk8-b19
jdk8-b20
jdk8-b21
jdk8-b22
jdk8-b23
jdk8-b24
jdk8-b25
jdk8-b26
jdk8-b27
jdk8-b28
jdk8-b29
jdk8-b30
jdk8-b31
jdk8-b32
jdk8-b33
jdk8-b34
jdk8-b35
jdk8-b36
jdk8-b37
jdk8-b38
jdk8-b39
jdk8-b40
jdk8-b41
jdk8-b42
jdk8-b43
jdk8-b44
jdk8-b45
jdk8-b46
jdk8-b47
jdk8-b48
jdk8-b49
jdk8-b50
jdk8-b51
jdk8-b52
jdk8-b53
jdk8-b54
jdk8-b55
jdk8-b56
jdk8-b57
jdk8-b58
LIBXML2.*
LIBXML2.6.32
LIBXML2.7.0
LIBXML2.7.1
LIBXML2.7.2
LIBXML2.7.3
v2.*
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.8.0
v2.8.0-rc1
v2.8.0-rc2
v2.9.0
v2.9.0-rc2
v2.9.1
v2.9.10
v2.9.10-rc1
v2.9.2
v2.9.2-rc1
v2.9.2-rc2
v2.9.3
v2.9.4
v2.9.4-rc1
v2.9.4-rc2
v2.9.5
v2.9.5-rc1
v2.9.5-rc2
v2.9.6
v2.9.6-rc1
v2.9.7
v2.9.7-rc1
v2.9.8
v2.9.8-rc1
v2.9.9
v2.9.9-rc1
v2.9.9-rc2
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3537.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "33"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "34"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.4.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.5.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.4.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.26"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8-update301"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.4.1.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.5.1.0"
}
]
}
]
vanir_signatures
[
{
"signature_version": "v1",
"target": {
"file": "testapi.c"
},
"source": "https://github.com/gnome/libxml2/commit/e1bcffea180d6cc0651757bb64284a763e0e2239",
"deprecated": false,
"digest": {
"line_hashes": [
"61551077790304056876126381115245055965",
"278846916215258117913027984776762678417",
"335982757857177150834168525661853921922",
"87840030754328165737181167332541198940",
"61551077790304056876126381115245055965",
"278846916215258117913027984776762678417",
"105711474186756975709469310745455797308",
"103706706750952072917010335478765316004",
"227047217400973127911964602216150042388",
"253258039250536385915162828640596572926",
"335982757857177150834168525661853921922",
"87840030754328165737181167332541198940",
"227047217400973127911964602216150042388",
"253258039250536385915162828640596572926",
"105711474186756975709469310745455797308",
"263486003320329746243870951465374401173",
"112950646771093583388072220651695062566",
"231864520689178078662381811343978537663",
"213333773092754020127207462965134162165",
"19008729915787537273927561381864711242",
"112950646771093583388072220651695062566",
"231864520689178078662381811343978537663",
"213333773092754020127207462965134162165",
"19008729915787537273927561381864711242",
"273240550832595461615251408636344817319",
"162912241845094166163791832543701405088",
"671650474723048413359612334217206008",
"22766956053755843453510076977580137201",
"13167474649499926961065524423099785312",
"83470413458974766405520199037916535562",
"276402490468899750538561900822383734744",
"333682037389609673181412300351361172030",
"9499193487410093391036358074880903632",
"30805303948970631633603096678317204355",
"93889085830397632709481663916004609330",
"229956981014592868447519071218013779439",
"240624245583924818381392266620352655927",
"223174899253645334504338538819361168413",
"294476493037697202535040764027097131119",
"129304591418198192271541858825325701656",
"140204848231080657012011575632498051783",
"75311632195512841680531928924350830586",
"256053888072821081238103619703165798762",
"235378452580802392739918607691411522119",
"244992818881073020881304797438692585130",
"66651940352215863530508914348900210359",
"48019944339009281467628355593178272818",
"106918772490863171659640772695582053951",
"116925370429586760959130651896312835976",
"148133004854708868535797103792350393744",
"102183146399774788380381559441867815797",
"308117370035021215489377534456228663968",
"187339639605561687559806077174150854909",
"130836858511549172127312257489846408951",
"52797561731550596294797782502825671297",
"313419538420946173683294680071732735569",
"246138447249870484217065672110268629284"
],
"threshold": 0.9
},
"id": "CVE-2021-3537-1aa97e63",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "testapi.c",
"function": "test_xmlIO"
},
"source": "https://github.com/gnome/libxml2/commit/e1bcffea180d6cc0651757bb64284a763e0e2239",
"deprecated": false,
"digest": {
"function_hash": "198329610838053062539893085088781189951",
"length": 1155.0
},
"id": "CVE-2021-3537-4ad7707d",
"signature_type": "Function"
}
]