Denial of service or RCE from libxml2 and libxslt

GHSA-7hp2-xwpj-95jq · CVE-2015-8806

Published Sep 17, 2018 · Modified Feb 16, 2024

Description

Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote code execution attacks.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-8806
WEB https://github.com/sparklemotion/nokogiri/issues/1473
WEB https://bugzilla.gnome.org/show_bug.cgi?id=749115
WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-8806.yml
PACKAGE https://github.com/sparklemotion/nokogiri
WEB https://security.gentoo.org/glsa/201701-37
WEB https://web.archive.org/web/20160928171015/http://www.securityfocus.com/bid/82071
WEB https://www.debian.org/security/2016/dsa-3593
WEB http://www.openwall.com/lists/oss-security/2016/02/03/5
WEB http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
WEB http://www.ubuntu.com/usn/USN-2994-1

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes