Out-of-bounds read in nokogiri

GHSA-8c56-cpmw-89x7 · CVE-2017-9050

Published Dec 13, 2017 · Modified Nov 8, 2023

Description

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. GitHub is notifying on nokogiri as uses libxml2.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-9050
WEB https://security.gentoo.org/glsa/201711-01
WEB http://www.debian.org/security/2017/dsa-3952
WEB http://www.openwall.com/lists/oss-security/2017/05/15/1

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes