CVE-2021-3537 - log

CVE-2021-3537 edited at 13 May 2021 15:59:05
Description
- It was found that libxml2 did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application.
+ It was found that libxml2 before version 2.9.11 did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application.
CVE-2021-3537 edited at 06 May 2021 08:06:52
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ It was found that libxml2 did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1956522
+ https://gitlab.gnome.org/GNOME/libxml2/-/issues/243
+ https://gitlab.gnome.org/GNOME/libxml2/-/issues/244
+ https://gitlab.gnome.org/GNOME/libxml2/-/issues/245
+ https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61
CVE-2021-3537 created at 06 May 2021 08:05:04
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes