CVE-2015-7499 nokogiri

Package

Manager: gem
Name: nokogiri
Vulnerable Version: >=1.6.0 <1.6.7.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: 0.0185 (percentile: 0.82301)

Details

Heap-based buffer overflow in nokogiri

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash the application.

Metadata

Created: 2018-09-17T21:57:38Z
Modified: 2023-07-05T17:45:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-jxjr-5h69-qw3w/GHSA-jxjr-5h69-qw3w.json
CWE IDs: ["CWE-119"]
Alternative ID: GHSA-jxjr-5h69-qw3w
Finding: F316
Auto approve: 1