CVE-2021-3517

EPSS 0.11% · P28 Updated Dec 04, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-3517

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

跨界内存写

Source: NVD (National Vulnerability Database)

Vulnerability Title

libxml2 缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

libxml2是开源的一个用来解析XML文档的函数库。它用C语言写成，并且能为多种语言所调用，例如C语言，C++，XSH。 libxml2 中entities.c存在缓冲区错误漏洞，该漏洞源于网络系统或产品在内存上执行操作时，未正确验证数据边界，导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	libxml2	libxml2 2.9.11	-

II. Public POCs for CVE-2021-3517

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-3517

请登录查看更多情报信息。

https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20210625-0002/x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20211022-0004/x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1954232x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
https://security.gentoo.org/glsa/202107-05vendor-advisoryx_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/vendor-advisoryx_refsource_FEDORA
https://lists.debian.org/debian-lts-announce/2021/05/msg00008.htmlmailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Emailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2021-3517

Same Patch Batch · n/a · 2021-05-19 · 20 CVEs total

CVE-2021-3421		Red Hat Package Manager 数据伪造问题漏洞
CVE-2021-20589		多款 Mitsubishi Electric 设备缓冲区错误漏洞
CVE-2021-21732		ZTE 手机安全漏洞
CVE-2021-21733		ZXCDN 信息泄露漏洞
CVE-2020-20264		MikroTik RouterOS 数字错误漏洞
CVE-2020-20266		MikroTik RouterOS 代码问题漏洞
CVE-2017-17674		BMC Software BMC Remedy 9.1SP3 代码问题漏洞
CVE-2017-17678		BMC Remedy Mid Tier 9.1SP3 跨站脚本漏洞
CVE-2017-17675		BMC Software BMC Remedy 9.1SP3 日志信息泄露漏洞
CVE-2017-17677		BMC Remedy 9.1SP3 安全漏洞
CVE-2021-27924		Couchbase Server 安全漏洞
CVE-2021-3445		Red Hat libdnf 数据伪造问题漏洞
CVE-2021-31930		concerto 跨站脚本漏洞
CVE-2021-33204		PostgreSQL 命令注入漏洞
CVE-2021-31158		Couchbase Server 安全漏洞
CVE-2021-25644		Couchbase Server 安全漏洞
CVE-2020-36364		Smartstore SmartStoreNET 路径遍历漏洞
CVE-2021-27925		Couchbase Server 竞争条件问题漏洞
CVE-2020-36365		Smartstore SmartStoreNET 输入验证错误漏洞

IV. Related Vulnerabilities

Same product: libxml2

Same vendor: n/a

Same weakness: CWE-787

V. Comments for CVE-2021-3517

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-3517

I. Basic Information for CVE-2021-3517

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-3517

III. Intelligence Information for CVE-2021-3517

Same Patch Batch · n/a · 2021-05-19 · 20 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-3517

Leave a comment