vulnerability
Oracle Linux: CVE-2021-3537: ELSA-2021-2569: libxml2 security update (MODERATE)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | May 1, 2021 | Jul 3, 2021 | Dec 3, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
May 1, 2021
Added
Jul 3, 2021
Modified
Dec 3, 2025
Description
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system availability.
A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system availability.
Solutions
oracle-linux-upgrade-libxml2oracle-linux-upgrade-libxml2-develoracle-linux-upgrade-python3-libxml2
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.