CVE-2021-3537 (Medium) detected in clamav-develclamav-0.98.4 - autoclosed

[mend-bolt-for-github[bot]]

CVE-2021-3537 - Medium Severity Vulnerability

Vulnerable Library - clamav-develclamav-0.98.4

ClamAV Development - FAQ is here: https://github.com/Cisco-Talos/clamav-faq

Library home page: https://github.com/vrtadmin/clamav-devel.git

Found in base branch: master

Vulnerable Source Files (3)

/blackrain2020/original-sources-3rd-party/clamav-0.98.4.tar/clamav-0.98.4/win32/3rdparty/libxml2/parser.c /blackrain2020/original-sources-3rd-party/clamav-0.98.4.tar/clamav-0.98.4/win32/3rdparty/libxml2/parser.c /blackrain2020/original-sources-3rd-party/clamav-0.98.4.tar/clamav-0.98.4/win32/3rdparty/libxml2/parser.c

Vulnerability Details

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

Publish Date: 2021-05-14

URL: CVE-2021-3537

CVSS 3 Score Details (5.9)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1956522

Release Date: 2021-05-14

Fix Resolution: libxml2 2.9.11

---

Step up your Open Source Security Game with Mend here

[mend-bolt-for-github[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.