Vulnerabilities > CVE-2021-3541 - XML Entity Expansion vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1950515
- https://bugzilla.redhat.com/show_bug.cgi?id=1950515
- https://security.netapp.com/advisory/ntap-20210805-0007/
- https://security.netapp.com/advisory/ntap-20210805-0007/
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html