GHSA-6qvp-r6r3-9p7h
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6qvp-r6r3-9p7h
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-6qvp-r6r3-9p7h/GHSA-6qvp-r6r3-9p7h.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6qvp-r6r3-9p7h
- Aliases
- Published
- 2019-01-17T14:05:03Z
- Modified
- 2024-02-16T08:23:25.840608Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Nokogiri NULL Pointer Dereference
- Details
-
A NULL pointer dereference vulnerability exists in the
xpath.c:xmlXPathCompOpEval()function of libxml2 through 2.9.8 when parsing an invalid XPath expression in theXPATH_OP_ANDorXPATH_OP_ORcase. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. - Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-476" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:20:04Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-14404
- https://github.com/sparklemotion/nokogiri/issues/1785
- https://access.redhat.com/errata/RHSA-2019:1543
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
- https://bugzilla.redhat.com/show_bug.cgi?id=1595985
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml
- https://gitlab.gnome.org/GNOME/libxml2/issues/10
- https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html
- https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
- https://security.netapp.com/advisory/ntap-20190719-0002
- https://usn.ubuntu.com/3739-1
- https://usn.ubuntu.com/3739-2
Affected packages
RubyGems / nokogiri
Package
- Name
- nokogiri
- Purl
- pkg:gem/nokogiri
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.5
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.1.0
1.1.1
1.2.0
1.2.1
1.2.2
1.2.3
1.3.0
1.3.1
1.3.2
1.3.3
1.4.0
1.4.1
1.4.2
1.4.2.1
1.4.3
1.4.3.1
1.4.4
1.4.4.1
1.4.4.2
1.4.5
1.4.6
1.4.7
1.5.0.beta.1
1.5.0.beta.2
1.5.0.beta.3
1.5.0.beta.4
1.5.0
1.5.1.rc1
1.5.1
1.5.2
1.5.3.rc2
1.5.3.rc3
1.5.3.rc4
1.5.3.rc5
1.5.3.rc6
1.5.3
1.5.4.rc1
1.5.4.rc2
1.5.4.rc3
1.5.4
1.5.5.rc1
1.5.5.rc2
1.5.5.rc3
1.5.5
1.5.6.rc1
1.5.6.rc2
1.5.6.rc3
1.5.6
1.5.7.rc1
1.5.7.rc2
1.5.7.rc3
1.5.7
1.5.8
1.5.9
1.5.10
1.5.11
1.6.0.rc1
1.6.0
1.6.1
1.6.2.rc1
1.6.2.rc2
1.6.2.rc3
1.6.2
1.6.2.1
1.6.3.rc1
1.6.3.rc2
1.6.3.rc3
1.6.3
1.6.3.1
1.6.4
1.6.4.1
1.6.5
1.6.6.1
1.6.6.2
1.6.6.3
1.6.6.4
1.6.7.rc2
1.6.7.rc3
1.6.7.rc4
1.6.7
1.6.7.1
1.6.7.2
1.6.8.rc1
1.6.8.rc2
1.6.8.rc3
1.6.8
1.6.8.1
1.7.0
1.7.0.1
1.7.1
1.7.2
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4