GHSA-8c56-cpmw-89x7

Source

https://github.com/advisories/GHSA-8c56-cpmw-89x7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/12/GHSA-8c56-cpmw-89x7/GHSA-8c56-cpmw-89x7.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-8c56-cpmw-89x7

Aliases

CVE-2017-9050

Published

2017-12-13T21:38:24Z

Modified

2023-11-08T03:59:28.531189Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Out-of-bounds read in nokogiri

Details

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. GitHub is notifying on nokogiri as uses libxml2.

References

Affected packages

RubyGems / nokogiri

Package

Name: nokogiri
Purl: pkg:gem/nokogiri

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.1

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.1.0

1.1.1

1.2.0

1.2.1

1.2.2

1.2.3

1.3.0

1.3.1

1.3.2

1.3.3

1.4.0

1.4.1

1.4.2

1.4.2.1

1.4.3

1.4.3.1

1.4.4

1.4.4.1

1.4.4.2

1.4.5

1.4.6

1.4.7

1.5.0.beta.1

1.5.0.beta.2

1.5.0.beta.3

1.5.0.beta.4

1.5.0

1.5.1.rc1

1.5.1

1.5.2

1.5.3.rc2

1.5.3.rc3

1.5.3.rc4

1.5.3.rc5

1.5.3.rc6

1.5.3

1.5.4.rc1

1.5.4.rc2

1.5.4.rc3

1.5.4

1.5.5.rc1

1.5.5.rc2

1.5.5.rc3

1.5.5

1.5.6.rc1

1.5.6.rc2

1.5.6.rc3

1.5.6

1.5.7.rc1

1.5.7.rc2

1.5.7.rc3

1.5.7

1.5.8

1.5.9

1.5.10

1.5.11

1.6.0.rc1

1.6.0

1.6.1

1.6.2.rc1

1.6.2.rc2

1.6.2.rc3

1.6.2

1.6.2.1

1.6.3.rc1

1.6.3.rc2

1.6.3.rc3

1.6.3

1.6.3.1

1.6.4

1.6.4.1

1.6.5

1.6.6.1

1.6.6.2

1.6.6.3

1.6.6.4

1.6.7.rc2

1.6.7.rc3

1.6.7.rc4

1.6.7

1.6.7.1

1.6.7.2

1.6.8.rc1

1.6.8.rc2

1.6.8.rc3

1.6.8

1.6.8.1

1.7.0

1.7.0.1

1.7.1

1.7.2

1.8.0