A heap-based buffer overflow was found in libxml2 when processing truncated UTF-8 input. Reference: https://gitlab.gnome.org/GNOME/libxml2/-/issues/235 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2
Created libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1954234] Created mingw-libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1954233]
Acknowledgments: Name: zodf0055980 (SQLab NCTU Taiwan)
Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2
Statement: This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2569 https://access.redhat.com/errata/RHSA-2021:2569
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3517
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2022:1390 https://access.redhat.com/errata/RHSA-2022:1390
This issue has been addressed in the following products: JBoss Core Services on RHEL 7 JBoss Core Services for RHEL 8 Via RHSA-2022:1389 https://access.redhat.com/errata/RHSA-2022:1389