Vulnerabilities > CVE-2021-3541 - XML Entity Expansion vulnerability in multiple products

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

NVD

Published: 2021-07-09

Updated: 2022-03-01

Summary

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Xmlsoft Xmlsoft Libxml2 - Xmlsoft Libxml2 1.7.0 Xmlsoft Libxml2 1.7.1 Xmlsoft Libxml2 1.7.2 Xmlsoft Libxml2 1.7.3 Xmlsoft Libxml2 1.7.4 Xmlsoft Libxml2 1.8.0 Xmlsoft Libxml2 1.8.1 Xmlsoft Libxml2 1.8.2 Xmlsoft Libxml2 1.8.3 Xmlsoft Libxml2 1.8.4 Xmlsoft Libxml2 1.8.5 Xmlsoft Libxml2 1.8.6 Xmlsoft Libxml2 1.8.7 Xmlsoft Libxml2 1.8.9 Xmlsoft Libxml2 1.8.10 Xmlsoft Libxml2 1.8.13 Xmlsoft Libxml2 1.8.14 Xmlsoft Libxml2 1.8.16 Xmlsoft Libxml2 2.0.0 Xmlsoft Libxml2 2.1.0 Xmlsoft Libxml2 2.1.1 Xmlsoft Libxml2 2.2.0 Xmlsoft Libxml2 2.2.1 Xmlsoft Libxml2 2.2.2 Xmlsoft Libxml2 2.2.3 Xmlsoft Libxml2 2.2.4 Xmlsoft Libxml2 2.2.5 Xmlsoft Libxml2 2.2.6 Xmlsoft Libxml2 2.2.7 Xmlsoft Libxml2 2.2.8 Xmlsoft Libxml2 2.2.9 Xmlsoft Libxml2 2.2.10 Xmlsoft Libxml2 2.2.11 Xmlsoft Libxml2 2.3.0 Xmlsoft Libxml2 2.3.1 Xmlsoft Libxml2 2.3.2 Xmlsoft Libxml2 2.3.3 Xmlsoft Libxml2 2.3.4 Xmlsoft Libxml2 2.3.5 Xmlsoft Libxml2 2.3.6 Xmlsoft Libxml2 2.3.7 Xmlsoft Libxml2 2.3.8 Xmlsoft Libxml2 2.3.9 Xmlsoft Libxml2 2.3.10 Xmlsoft Libxml2 2.3.11 Xmlsoft Libxml2 2.3.12 Xmlsoft Libxml2 2.3.13 Xmlsoft Libxml2 2.3.14 Xmlsoft Libxml2 2.4.1 Xmlsoft Libxml2 2.4.2 Xmlsoft Libxml2 2.4.3 Xmlsoft Libxml2 2.4.4 Xmlsoft Libxml2 2.4.5 Xmlsoft Libxml2 2.4.6 Xmlsoft Libxml2 2.4.7 Xmlsoft Libxml2 2.4.8 Xmlsoft Libxml2 2.4.9 Xmlsoft Libxml2 2.4.10 Xmlsoft Libxml2 2.4.11 Xmlsoft Libxml2 2.4.12 Xmlsoft Libxml2 2.4.13 Xmlsoft Libxml2 2.4.14 Xmlsoft Libxml2 2.4.15 Xmlsoft Libxml2 2.4.16 Xmlsoft Libxml2 2.4.17 Xmlsoft Libxml2 2.4.18 Xmlsoft Libxml2 2.4.19 Xmlsoft Libxml2 2.4.20 Xmlsoft Libxml2 2.4.21 Xmlsoft Libxml2 2.4.22 Xmlsoft Libxml2 2.4.23 Xmlsoft Libxml2 2.4.24 Xmlsoft Libxml2 2.4.25 Xmlsoft Libxml2 2.4.26 Xmlsoft Libxml2 2.4.27 Xmlsoft Libxml2 2.4.28 Xmlsoft Libxml2 2.4.29 Xmlsoft Libxml2 2.4.30 Xmlsoft Libxml2 2.5.0 Xmlsoft Libxml2 2.5.1 Xmlsoft Libxml2 2.5.2 Xmlsoft Libxml2 2.5.3 Xmlsoft Libxml2 2.5.4 Xmlsoft Libxml2 2.5.5 Xmlsoft Libxml2 2.5.6 Xmlsoft Libxml2 2.5.7 Xmlsoft Libxml2 2.5.8 Xmlsoft Libxml2 2.5.9 Xmlsoft Libxml2 2.5.10 Xmlsoft Libxml2 2.5.11 Xmlsoft Libxml2 2.6.0 Xmlsoft Libxml2 2.6.1 Xmlsoft Libxml2 2.6.2 Xmlsoft Libxml2 2.6.3 Xmlsoft Libxml2 2.6.4 Xmlsoft Libxml2 2.6.5 Xmlsoft Libxml2 2.6.6 Xmlsoft Libxml2 2.6.7 Xmlsoft Libxml2 2.6.8 Xmlsoft Libxml2 2.6.9 Xmlsoft Libxml2 2.6.10 Xmlsoft Libxml2 2.6.11 Xmlsoft Libxml2 2.6.12 Xmlsoft Libxml2 2.6.13 Xmlsoft Libxml2 2.6.14 Xmlsoft Libxml2 2.6.15 Xmlsoft Libxml2 2.6.16 Xmlsoft Libxml2 2.6.17 Xmlsoft Libxml2 2.6.18 Xmlsoft Libxml2 2.6.19 Xmlsoft Libxml2 2.6.20 Xmlsoft Libxml2 2.6.21 Xmlsoft Libxml2 2.6.22 Xmlsoft Libxml2 2.6.23 Xmlsoft Libxml2 2.6.24 Xmlsoft Libxml2 2.6.25 Xmlsoft Libxml2 2.6.26 Xmlsoft Libxml2 2.6.27 Xmlsoft Libxml2 2.6.28 Xmlsoft Libxml2 2.6.29 Xmlsoft Libxml2 2.6.30 Xmlsoft Libxml2 2.6.31 Xmlsoft Libxml2 2.6.32 Xmlsoft Libxml2 2.7.0 Xmlsoft Libxml2 2.7.1 Xmlsoft Libxml2 2.7.2 Xmlsoft Libxml2 2.7.3 Xmlsoft Libxml2 2.7.4 Xmlsoft Libxml2 2.7.5 Xmlsoft Libxml2 2.7.6 Xmlsoft Libxml2 2.7.7 Xmlsoft Libxml2 2.7.8 Xmlsoft Libxml2 2.8.0 Xmlsoft Libxml2 2.9.0 Xmlsoft Libxml2 2.9.1 Xmlsoft Libxml2 2.9.2 Xmlsoft Libxml2 2.9.3 Xmlsoft Libxml2 2.9.4 Xmlsoft Libxml2 2.9.5 Xmlsoft Libxml2 2.9.6 Xmlsoft Libxml2 2.9.7 Xmlsoft Libxml2 2.9.8 Xmlsoft Libxml2 2.9.9 Xmlsoft Libxml2 2.9.10	172
Application	Redhat Redhat Jboss Core Services -	1
Application	Oracle Oracle ZFS Storage Appliance KIT 8.8	1
Application	Netapp Netapp Active IQ Unified Manager - Netapp Cloud Backup - Netapp Clustered Data Ontap - Netapp Clustered Data Ontap Antivirus Connector - Netapp Manageability Software Development KIT - Netapp Ontap Select Deploy Administration Utility - Netapp SMI S Provider - Netapp Snapdrive -	8
OS	Netapp Netapp H410C Firmware - Netapp H300S Firmware - Netapp H500S Firmware - Netapp H700S Firmware - Netapp H300E Firmware - Netapp H500E Firmware - Netapp H700E Firmware - Netapp H410S Firmware -	8
Hardware	Netapp Netapp H410C - Netapp H300S - Netapp H500S - Netapp H700S - Netapp H300E - Netapp H500E - Netapp H700E - Netapp H410S -	8

Common Weakness Enumeration (CWE)

CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References