QID 352459
Date Published: 2021-07-02
QID 352459: Amazon Linux Security Advisory for libxml2: ALAS2-2021-1677
<DIV ID="issue_overview"> there's a flaw in libxml2's xmllint.
An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free.
The greatest impact of this flaw is to confidentiality, integrity, and availability. (
cve-2021-3516 ) there's a flaw in libxml2.
An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free.
The greatest impact from this flaw is to confidentiality, integrity, and availability. (
cve-2021-3518 ) a vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing xml mixed content, causing a null dereference.
If an untrusted xml document was parsed in recovery mode and post-validated, the flaw could be used to crash the application.
The highest threat from this vulnerability is to system availability. (
cve-2021-3537 ) </DIV>
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
- ALAS2-2021-1677 -
alas.aws.amazon.com/AL2/ALAS-2021-1677.html
CVEs related to QID 352459
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2-2021-1677 | Amazon Linux 2 |
alas.aws.amazon.com/AL2/ALAS-2021-1677.html |