From 7ba49208c950f5f6e525358be1fc774f5ee0ede5 Mon Sep 17 00:00:00 2001
From: "LI, WENJIE" <liwenjie@kylinos.cn>
Date: Wed, 30 Nov 2022 21:52:45 +0800
Subject: [PATCH] add cve/libxml2/2021/yaml/CVE-2021-3517.yaml.

---
 cve/libxml2/2021/yaml/CVE-2021-3517.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 cve/libxml2/2021/yaml/CVE-2021-3517.yaml

diff --git a/cve/libxml2/2021/yaml/CVE-2021-3517.yaml b/cve/libxml2/2021/yaml/CVE-2021-3517.yaml
new file mode 100644
index 00000000..d215f84e
--- /dev/null
+++ b/cve/libxml2/2021/yaml/CVE-2021-3517.yaml
@@ -0,0 +1,19 @@
+id: CVE-2021-3517
+source: https://gitlab.gnome.org/GNOME/libxml2/-/issues/235
+info:
+  name: libxml2是开源的一个用来解析XML文档的函数库。它用C语言写成，并且能为多种语言所调用，例如C语言，C++，XSH。
+  severity: High
+  description: |
+    libxml2 中entities.c存在缓冲区错误漏洞，该漏洞源于网络系统或产品在内存上执行操作时，未正确验证数据边界，导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。
+  scope-of-influence:
+    
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-3517
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
+    cvss-score: 8.6
+    cve-id: CVE-2021-3517
+    cwe-id: CWE-787
+    cnvd-id: None
+    kve-id: None
+  tags: cve2021,缓冲区错误
\ No newline at end of file
-- 
Gitee