Ecosystem: RubyGems
Heap-based buffer overflow in nokogiri
GHSA-jxjr-5h69-qw3w · CVE-2015-7499
Description
A heap-based buffer overflow exists in the xmlGROW function in parser.c in libxml2 before 2.9.3. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash.
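As an added example (not part of this advisory or of the nokogiri project), the following Ruby snippet turns the version boundary stated above ("libxml2 before 2.9.3") into a check a defender can run against the libxml2 a Ruby process actually loaded. The fixed-version cut-off comes from the advisory; the `Nokogiri::VERSION_INFO["libxml"]["loaded"]` lookup is an assumption about nokogiri's runtime API and is skipped when the gem is not loaded, so the block also works offline on plain version strings.

```ruby
# Added example, not from the advisory or from nokogiri itself.
# Checks whether a libxml2 version falls in the range affected by
# CVE-2015-7499 (anything older than 2.9.3, per the advisory text).
require "rubygems"

FIXED_LIBXML2 = Gem::Version.new("2.9.3")

# Returns true when version_string (e.g. "2.9.2") is older than 2.9.3,
# false when it is 2.9.3 or newer, and nil when the string is not a
# parseable version (so a garbage value is never silently treated as safe).
def libxml2_affected?(version_string)
  s = version_string.to_s
  return nil unless Gem::Version.correct?(s)
  Gem::Version.new(s) < FIXED_LIBXML2
end

# Summarise a hash shaped like Nokogiri::VERSION_INFO["libxml"] (assumed
# keys: "loaded" for the library actually in memory, "compiled" for the
# headers nokogiri was built against). The loaded version is the one that
# matters for exploitability; a mismatch is reported so that a stale
# system libxml2 shadowing a patched bundled copy is noticed.
def libxml2_report(libxml_info)
  loaded   = libxml_info["loaded"]
  compiled = libxml_info["compiled"]
  {
    loaded:          loaded,
    compiled:        compiled,
    affected:        libxml2_affected?(loaded),
    version_mismatch: !compiled.nil? && compiled != loaded
  }
end

# Runtime probe: only meaningful inside a process that has required nokogiri.
def nokogiri_libxml2_status
  return { status: :nokogiri_not_loaded } unless defined?(Nokogiri::VERSION_INFO)
  libxml2_report(Nokogiri::VERSION_INFO.fetch("libxml", {}))
end

if __FILE__ == $0
  # Constructed sample input standing in for VERSION_INFO["libxml"].
  sample = { "loaded" => "2.9.2", "compiled" => "2.9.3" }
  p libxml2_report(sample)
  p nokogiri_libxml2_status
end
```

When `affected:` is true for the loaded version, the remediation is the one the references below describe: upgrade nokogiri to a release that bundles libxml2 2.9.3 or later, or point nokogiri at a patched system libxml2.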
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-7499
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=1281925
- WEB https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc
- WEB https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da
- ADVISORY https://github.com/advisories/GHSA-jxjr-5h69-qw3w
- WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.yml
- WEB https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
- WEB https://security.gentoo.org/glsa/201701-37
- WEB https://web.archive.org/web/20210724022841/http://www.securityfocus.com/bid/79509
- WEB https://web.archive.org/web/20211205133229/https://securitytracker.com/id/1034243
- WEB http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
- WEB http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
- WEB http://rhn.redhat.com/errata/RHSA-2015-2549.html
- WEB http://rhn.redhat.com/errata/RHSA-2015-2550.html
- WEB http://www.debian.org/security/2015/dsa-3430
- WEB http://www.ubuntu.com/usn/USN-2834-1
- WEB http://xmlsoft.org/news.html