GHSA-jxjr-5h69-qw3w

Source
https://github.com/advisories/GHSA-jxjr-5h69-qw3w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-jxjr-5h69-qw3w/GHSA-jxjr-5h69-qw3w.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jxjr-5h69-qw3w
Aliases
Published
2018-09-17T21:57:38Z
Modified
2024-12-08T05:31:30.857317Z
Summary
Heap-based buffer overflow in nokogiri
Details

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash. Nokogiri is affected because its default (packaged) build compiles and links its own copy of libxml2: every nokogiri release from 1.6.0 up to and including 1.6.7.1 ships a libxml2 older than 2.9.3, and nokogiri 1.6.7.2 upgrades the bundled libxml2 to 2.9.3. If nokogiri was built with --use-system-libraries, the bundled-gem range does not apply; the version that matters is the system libxml2, which must be 2.9.3 or later. Any code path that parses untrusted input with Nokogiri::XML or Nokogiri::HTML reaches the affected parser.

Database specific
{
    "nvd_published_at": "2015-12-15T21:59:00Z",
    "cwe_ids": [
        "CWE-119"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:44:24Z"
}
References

Affected packages

RubyGems / nokogiri

Package

Name
nokogiri
Purl
pkg:gem/nokogiri

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.6.0
Fixed
1.6.7.2

Affected versions

1.*

1.6.0
1.6.1
1.6.2.rc1
1.6.2.rc2
1.6.2.rc3
1.6.2
1.6.2.1
1.6.3.rc1
1.6.3.rc2
1.6.3.rc3
1.6.3
1.6.3.1
1.6.4
1.6.4.1
1.6.5
1.6.6.1
1.6.6.2
1.6.6.3
1.6.6.4
1.6.7.rc2
1.6.7.rc3
1.6.7.rc4
1.6.7
1.6.7.1

Database specific

{
    "last_known_affected_version_range": "<= 1.6.7.1"
}
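The affected range above (introduced 1.6.0, fixed 1.6.7.2) uses RubyGems version ordering, under which prerelease versions such as 1.6.7.rc4 sort before 1.6.7 and are therefore inside the range. The following is an added example, not code from the OSV entry or from the nokogiri project: it checks a Gemfile.lock and a libxml2 version string against the two ranges the advisory states, using the stdlib Gem::Version comparator so the prerelease cases come out the same way RubyGems resolves them. The Gemfile.lock text is constructed for the example, the assumption that spec lines sit at four spaces of indentation reflects Bundler's lockfile layout, and the 'libxml' => {'source', 'loaded'} hash layout is assumed to match what Nokogiri::VERSION_INFO returns for a loaded extension.

```ruby
# Added example (not part of the OSV/GitHub advisory or of nokogiri itself).
# Checks locked nokogiri versions and a loaded libxml2 version against the
# ranges this advisory gives: nokogiri [1.6.0, 1.6.7.2) and libxml2 < 2.9.3.
require 'rubygems' # Gem::Version: the ordering RubyGems uses (1.6.7.rc4 < 1.6.7)

# Affected nokogiri range from the advisory: introduced 1.6.0, fixed 1.6.7.2.
NOKOGIRI_INTRODUCED = Gem::Version.new('1.6.0')
NOKOGIRI_FIXED      = Gem::Version.new('1.6.7.2')
# libxml2 fix version from the advisory details ("before 2.9.3").
LIBXML2_FIXED       = Gem::Version.new('2.9.3')

# True when a nokogiri gem version lies in [introduced, fixed).
# Gem::Version treats "rc"/"pre" segments as earlier than the bare release,
# so 1.6.7.rc4 is affected while 1.6.8.rc1 is not.
def nokogiri_affected?(version)
  v = Gem::Version.new(version)
  v >= NOKOGIRI_INTRODUCED && v < NOKOGIRI_FIXED
end

# Locked nokogiri versions from Gemfile.lock text. Assumption about Bundler's
# layout: resolved specs sit at exactly four spaces ("    nokogiri (1.6.7.1)"),
# their dependency constraints at six, so constraint lines like
# "      nokogiri (>= 1.6)" under another gem are not picked up.
# Platform-specific specs read "nokogiri (1.6.7.1-x86-mingw32)"; the suffix is dropped.
def locked_nokogiri_versions(lockfile_text)
  lockfile_text.scan(/^ {4}nokogiri \(([^)\s]+)\)$/).flatten.map do |spec|
    spec.split('-', 2).first
  end.uniq
end

# Locked versions that fall inside the advisory's range.
def affected_lock_entries(lockfile_text)
  locked_nokogiri_versions(lockfile_text).select { |v| nokogiri_affected?(v) }
end

# For a running process the gem version is not the whole story: a nokogiri
# built with --use-system-libraries loads the system libxml2. Assumed layout of
# Nokogiri::VERSION_INFO['libxml'] (string keys 'source' and 'loaded'); the
# caller passes that hash in, so this file does not need nokogiri installed.
def libxml2_affected?(version_info)
  libxml = version_info.fetch('libxml')
  Gem::Version.new(libxml.fetch('loaded')) < LIBXML2_FIXED
end

# Constructed Gemfile.lock excerpt for the example (not a real project file).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.0.0)
      nokogiri (1.6.7.1)
        mini_portile2 (~> 2.0.0.rc2)
      rake (10.5.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    nokogiri (~> 1.6)
LOCK

if $PROGRAM_NAME == __FILE__
  hits = affected_lock_entries(SAMPLE_LOCKFILE)
  puts(hits.empty? ? 'nokogiri: not in GHSA-jxjr-5h69-qw3w range' :
                     "nokogiri #{hits.join(', ')}: affected, upgrade to >= 1.6.7.2")
  # Constructed VERSION_INFO fragment standing in for Nokogiri::VERSION_INFO.
  info = { 'libxml' => { 'source' => 'system', 'loaded' => '2.9.2' } }
  puts "system libxml2 #{info['libxml']['loaded']}: " \
       "#{libxml2_affected?(info) ? 'affected, needs >= 2.9.3' : 'ok'}"
end
```

In a real audit, run `affected_lock_entries` over the project's own Gemfile.lock and, for the deployed process, pass `Nokogiri::VERSION_INFO` to `libxml2_affected?`; the second check is the one that catches a system-library build whose gem version looks patched.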