Fluid Attacks Database

Description

Nokogiri gem, via libxml, is affected by DoS vulnerabilities parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rubygems	nokogiri	>=0 <1.8.1	1.8.1
alpine v3.13	clamav	=0.100.0-r0 \|\| =0.100.0-r1 \|\| =0.100.0-r2 \|\| =0.94.2-r0 \|\| =0.94.2-r1 \|\| =0.94.2-r2 \|\| =0.95.1-r0 \|\| =0.95.1-r1 \|\| =0.95.2-r0 \|\| =0.95.2-r1 \|\| =0.95.3-r0 \|\| =0.95.3-r1 \|\| =0.96-r0 \|\| =0.96.1-r0 \|\| =0.96.2-r0 \|\| =0.96.3-r0 \|\| =0.96.4-r0 \|\| =0.96.5-r0 \|\| =0.97-r0 \|\| =0.97-r1 \|\| =0.97-r2 \|\| =0.97-r3 \|\| =0.97-r4 \|\| =0.97.1-r0 \|\| =0.97.2-r0 \|\| =0.97.3-r0 \|\| =0.97.3-r1 \|\| =0.97.3-r2 \|\| =0.97.3-r3 \|\| =0.97.4-r0 \|\| =0.97.4-r1 \|\| =0.97.4-r2 \|\| =0.97.5-r0 \|\| =0.97.6-r0 \|\| =0.97.6-r1 \|\| =0.97.7-r0 \|\| =0.97.8-r0 \|\| =0.97.8-r1 \|\| =0.97.8-r2 \|\| =0.98-r0 \|\| =0.98-r1 \|\| =0.98.1-r0 \|\| =0.98.1-r1 \|\| =0.98.1-r2 \|\| =0.98.3-r0 \|\| =0.98.4-r0 \|\| =0.98.4-r1 \|\| =0.98.5-r0 \|\| =0.98.6-r0 \|\| =0.98.6-r1 \|\| =0.98.6-r2 \|\| =0.98.7-r0 \|\| =0.98.7-r1 \|\| =0.98.7-r2 \|\| =0.99-r0 \|\| =0.99-r1 \|\| =0.99-r2 \|\| =0.99-r3 \|\| =0.99.1-r0 \|\| =0.99.1-r1 \|\| =0.99.1-r2 \|\| =0.99.2-r0 \|\| =0.99.2-r1 \|\| =0.99.2-r2 \|\| =0.99.2-r3 \|\| =0.99.2-r4 \|\| =0.99.2-r5 \|\| =0.99.2-r6 \|\| =0.99.3-r1 \|\| =0.99.3-r2 \|\| =0.99.3-r3 \|\| =0.99.4-r0 \|\| =0.99.4-r1 \|\| >=0 <0.100.1-r0	0.100.1-r0
alpine v3.6	clamav	=0.94.2-r0 \|\| =0.94.2-r1 \|\| =0.94.2-r2 \|\| =0.95.1-r0 \|\| =0.95.1-r1 \|\| =0.95.2-r0 \|\| =0.95.2-r1 \|\| =0.95.3-r0 \|\| =0.95.3-r1 \|\| =0.96-r0 \|\| =0.96.1-r0 \|\| =0.96.2-r0 \|\| =0.96.3-r0 \|\| =0.96.4-r0 \|\| =0.96.5-r0 \|\| =0.97-r0 \|\| =0.97-r1 \|\| =0.97-r2 \|\| =0.97-r3 \|\| =0.97-r4 \|\| =0.97.1-r0 \|\| =0.97.2-r0 \|\| =0.97.3-r0 \|\| =0.97.3-r1 \|\| =0.97.3-r2 \|\| =0.97.3-r3 \|\| =0.97.4-r0 \|\| =0.97.4-r1 \|\| =0.97.4-r2 \|\| =0.97.5-r0 \|\| =0.97.6-r0 \|\| =0.97.6-r1 \|\| =0.97.7-r0 \|\| =0.97.8-r0 \|\| =0.97.8-r1 \|\| =0.97.8-r2 \|\| =0.98-r0 \|\| =0.98-r1 \|\| =0.98.1-r0 \|\| =0.98.1-r1 \|\| =0.98.1-r2 \|\| =0.98.3-r0 \|\| =0.98.4-r0 \|\| =0.98.4-r1 \|\| =0.98.5-r0 \|\| =0.98.6-r0 \|\| =0.98.6-r1 \|\| =0.98.6-r2 \|\| =0.98.7-r0 \|\| =0.98.7-r1 \|\| =0.98.7-r2 \|\| =0.99-r0 \|\| =0.99-r1 \|\| =0.99-r2 \|\| =0.99-r3 \|\| =0.99.1-r0 \|\| =0.99.1-r1 \|\| =0.99.1-r2 \|\| =0.99.2-r0 \|\| =0.99.2-r1 \|\| =0.99.2-r2 \|\| =0.99.2-r3 \|\| =0.99.2-r4 \|\| =0.99.4-r0 \|\| >=0 <0.100.1-r0	0.100.1-r0
alpine v3.8	clamav	=0.100.0-r0 \|\| =0.100.0-r1 \|\| =0.100.0-r2 \|\| =0.94.2-r0 \|\| =0.94.2-r1 \|\| =0.94.2-r2 \|\| =0.95.1-r0 \|\| =0.95.1-r1 \|\| =0.95.2-r0 \|\| =0.95.2-r1 \|\| =0.95.3-r0 \|\| =0.95.3-r1 \|\| =0.96-r0 \|\| =0.96.1-r0 \|\| =0.96.2-r0 \|\| =0.96.3-r0 \|\| =0.96.4-r0 \|\| =0.96.5-r0 \|\| =0.97-r0 \|\| =0.97-r1 \|\| =0.97-r2 \|\| =0.97-r3 \|\| =0.97-r4 \|\| =0.97.1-r0 \|\| =0.97.2-r0 \|\| =0.97.3-r0 \|\| =0.97.3-r1 \|\| =0.97.3-r2 \|\| =0.97.3-r3 \|\| =0.97.4-r0 \|\| =0.97.4-r1 \|\| =0.97.4-r2 \|\| =0.97.5-r0 \|\| =0.97.6-r0 \|\| =0.97.6-r1 \|\| =0.97.7-r0 \|\| =0.97.8-r0 \|\| =0.97.8-r1 \|\| =0.97.8-r2 \|\| =0.98-r0 \|\| =0.98-r1 \|\| =0.98.1-r0 \|\| =0.98.1-r1 \|\| =0.98.1-r2 \|\| =0.98.3-r0 \|\| =0.98.4-r0 \|\| =0.98.4-r1 \|\| =0.98.5-r0 \|\| =0.98.6-r0 \|\| =0.98.6-r1 \|\| =0.98.6-r2 \|\| =0.98.7-r0 \|\| =0.98.7-r1 \|\| =0.98.7-r2 \|\| =0.99-r0 \|\| =0.99-r1 \|\| =0.99-r2 \|\| =0.99-r3 \|\| =0.99.1-r0 \|\| =0.99.1-r1 \|\| =0.99.1-r2 \|\| =0.99.2-r0 \|\| =0.99.2-r1 \|\| =0.99.2-r2 \|\| =0.99.2-r3 \|\| =0.99.2-r4 \|\| =0.99.2-r5 \|\| =0.99.2-r6 \|\| =0.99.3-r1 \|\| =0.99.3-r2 \|\| =0.99.3-r3 \|\| =0.99.4-r0 \|\| =0.99.4-r1 \|\| >=0 <0.100.1-r0	0.100.1-r0
nuget	libxml2	>=0 <=2.9.4	-
alpine v3.7	clamav	=0.94.2-r0 \|\| =0.94.2-r1 \|\| =0.94.2-r2 \|\| =0.95.1-r0 \|\| =0.95.1-r1 \|\| =0.95.2-r0 \|\| =0.95.2-r1 \|\| =0.95.3-r0 \|\| =0.95.3-r1 \|\| =0.96-r0 \|\| =0.96.1-r0 \|\| =0.96.2-r0 \|\| =0.96.3-r0 \|\| =0.96.4-r0 \|\| =0.96.5-r0 \|\| =0.97-r0 \|\| =0.97-r1 \|\| =0.97-r2 \|\| =0.97-r3 \|\| =0.97-r4 \|\| =0.97.1-r0 \|\| =0.97.2-r0 \|\| =0.97.3-r0 \|\| =0.97.3-r1 \|\| =0.97.3-r2 \|\| =0.97.3-r3 \|\| =0.97.4-r0 \|\| =0.97.4-r1 \|\| =0.97.4-r2 \|\| =0.97.5-r0 \|\| =0.97.6-r0 \|\| =0.97.6-r1 \|\| =0.97.7-r0 \|\| =0.97.8-r0 \|\| =0.97.8-r1 \|\| =0.97.8-r2 \|\| =0.98-r0 \|\| =0.98-r1 \|\| =0.98.1-r0 \|\| =0.98.1-r1 \|\| =0.98.1-r2 \|\| =0.98.3-r0 \|\| =0.98.4-r0 \|\| =0.98.4-r1 \|\| =0.98.5-r0 \|\| =0.98.6-r0 \|\| =0.98.6-r1 \|\| =0.98.6-r2 \|\| =0.98.7-r0 \|\| =0.98.7-r1 \|\| =0.98.7-r2 \|\| =0.99-r0 \|\| =0.99-r1 \|\| =0.99-r2 \|\| =0.99-r3 \|\| =0.99.1-r0 \|\| =0.99.1-r1 \|\| =0.99.1-r2 \|\| =0.99.2-r0 \|\| =0.99.2-r1 \|\| =0.99.2-r2 \|\| =0.99.2-r3 \|\| =0.99.2-r4 \|\| =0.99.2-r5 \|\| =0.99.2-r6 \|\| =0.99.4-r0 \|\| >=0 <0.100.1-r0	0.100.1-r0
alpine v3.12	clamav	=0.100.0-r0 \|\| =0.100.0-r1 \|\| =0.100.0-r2 \|\| =0.94.2-r0 \|\| =0.94.2-r1 \|\| =0.94.2-r2 \|\| =0.95.1-r0 \|\| =0.95.1-r1 \|\| =0.95.2-r0 \|\| =0.95.2-r1 \|\| =0.95.3-r0 \|\| =0.95.3-r1 \|\| =0.96-r0 \|\| =0.96.1-r0 \|\| =0.96.2-r0 \|\| =0.96.3-r0 \|\| =0.96.4-r0 \|\| =0.96.5-r0 \|\| =0.97-r0 \|\| =0.97-r1 \|\| =0.97-r2 \|\| =0.97-r3 \|\| =0.97-r4 \|\| =0.97.1-r0 \|\| =0.97.2-r0 \|\| =0.97.3-r0 \|\| =0.97.3-r1 \|\| =0.97.3-r2 \|\| =0.97.3-r3 \|\| =0.97.4-r0 \|\| =0.97.4-r1 \|\| =0.97.4-r2 \|\| =0.97.5-r0 \|\| =0.97.6-r0 \|\| =0.97.6-r1 \|\| =0.97.7-r0 \|\| =0.97.8-r0 \|\| =0.97.8-r1 \|\| =0.97.8-r2 \|\| =0.98-r0 \|\| =0.98-r1 \|\| =0.98.1-r0 \|\| =0.98.1-r1 \|\| =0.98.1-r2 \|\| =0.98.3-r0 \|\| =0.98.4-r0 \|\| =0.98.4-r1 \|\| =0.98.5-r0 \|\| =0.98.6-r0 \|\| =0.98.6-r1 \|\| =0.98.6-r2 \|\| =0.98.7-r0 \|\| =0.98.7-r1 \|\| =0.98.7-r2 \|\| =0.99-r0 \|\| =0.99-r1 \|\| =0.99-r2 \|\| =0.99-r3 \|\| =0.99.1-r0 \|\| =0.99.1-r1 \|\| =0.99.1-r2 \|\| =0.99.2-r0 \|\| =0.99.2-r1 \|\| =0.99.2-r2 \|\| =0.99.2-r3 \|\| =0.99.2-r4 \|\| =0.99.2-r5 \|\| =0.99.2-r6 \|\| =0.99.3-r1 \|\| =0.99.3-r2 \|\| =0.99.3-r3 \|\| =0.99.4-r0 \|\| =0.99.4-r1 \|\| >=0 <0.100.1-r0	0.100.1-r0
alpine v3.9	clamav	=0.100.0-r0 \|\| =0.100.0-r1 \|\| =0.100.0-r2 \|\| =0.94.2-r0 \|\| =0.94.2-r1 \|\| =0.94.2-r2 \|\| =0.95.1-r0 \|\| =0.95.1-r1 \|\| =0.95.2-r0 \|\| =0.95.2-r1 \|\| =0.95.3-r0 \|\| =0.95.3-r1 \|\| =0.96-r0 \|\| =0.96.1-r0 \|\| =0.96.2-r0 \|\| =0.96.3-r0 \|\| =0.96.4-r0 \|\| =0.96.5-r0 \|\| =0.97-r0 \|\| =0.97-r1 \|\| =0.97-r2 \|\| =0.97-r3 \|\| =0.97-r4 \|\| =0.97.1-r0 \|\| =0.97.2-r0 \|\| =0.97.3-r0 \|\| =0.97.3-r1 \|\| =0.97.3-r2 \|\| =0.97.3-r3 \|\| =0.97.4-r0 \|\| =0.97.4-r1 \|\| =0.97.4-r2 \|\| =0.97.5-r0 \|\| =0.97.6-r0 \|\| =0.97.6-r1 \|\| =0.97.7-r0 \|\| =0.97.8-r0 \|\| =0.97.8-r1 \|\| =0.97.8-r2 \|\| =0.98-r0 \|\| =0.98-r1 \|\| =0.98.1-r0 \|\| =0.98.1-r1 \|\| =0.98.1-r2 \|\| =0.98.3-r0 \|\| =0.98.4-r0 \|\| =0.98.4-r1 \|\| =0.98.5-r0 \|\| =0.98.6-r0 \|\| =0.98.6-r1 \|\| =0.98.6-r2 \|\| =0.98.7-r0 \|\| =0.98.7-r1 \|\| =0.98.7-r2 \|\| =0.99-r0 \|\| =0.99-r1 \|\| =0.99-r2 \|\| =0.99-r3 \|\| =0.99.1-r0 \|\| =0.99.1-r1 \|\| =0.99.1-r2 \|\| =0.99.2-r0 \|\| =0.99.2-r1 \|\| =0.99.2-r2 \|\| =0.99.2-r3 \|\| =0.99.2-r4 \|\| =0.99.2-r5 \|\| =0.99.2-r6 \|\| =0.99.3-r1 \|\| =0.99.3-r2 \|\| =0.99.3-r3 \|\| =0.99.4-r0 \|\| =0.99.4-r1 \|\| >=0 <0.100.1-r0	0.100.1-r0
alpine v3.10	clamav	=0.100.0-r0 \|\| =0.100.0-r1 \|\| =0.100.0-r2 \|\| =0.94.2-r0 \|\| =0.94.2-r1 \|\| =0.94.2-r2 \|\| =0.95.1-r0 \|\| =0.95.1-r1 \|\| =0.95.2-r0 \|\| =0.95.2-r1 \|\| =0.95.3-r0 \|\| =0.95.3-r1 \|\| =0.96-r0 \|\| =0.96.1-r0 \|\| =0.96.2-r0 \|\| =0.96.3-r0 \|\| =0.96.4-r0 \|\| =0.96.5-r0 \|\| =0.97-r0 \|\| =0.97-r1 \|\| =0.97-r2 \|\| =0.97-r3 \|\| =0.97-r4 \|\| =0.97.1-r0 \|\| =0.97.2-r0 \|\| =0.97.3-r0 \|\| =0.97.3-r1 \|\| =0.97.3-r2 \|\| =0.97.3-r3 \|\| =0.97.4-r0 \|\| =0.97.4-r1 \|\| =0.97.4-r2 \|\| =0.97.5-r0 \|\| =0.97.6-r0 \|\| =0.97.6-r1 \|\| =0.97.7-r0 \|\| =0.97.8-r0 \|\| =0.97.8-r1 \|\| =0.97.8-r2 \|\| =0.98-r0 \|\| =0.98-r1 \|\| =0.98.1-r0 \|\| =0.98.1-r1 \|\| =0.98.1-r2 \|\| =0.98.3-r0 \|\| =0.98.4-r0 \|\| =0.98.4-r1 \|\| =0.98.5-r0 \|\| =0.98.6-r0 \|\| =0.98.6-r1 \|\| =0.98.6-r2 \|\| =0.98.7-r0 \|\| =0.98.7-r1 \|\| =0.98.7-r2 \|\| =0.99-r0 \|\| =0.99-r1 \|\| =0.99-r2 \|\| =0.99-r3 \|\| =0.99.1-r0 \|\| =0.99.1-r1 \|\| =0.99.1-r2 \|\| =0.99.2-r0 \|\| =0.99.2-r1 \|\| =0.99.2-r2 \|\| =0.99.2-r3 \|\| =0.99.2-r4 \|\| =0.99.2-r5 \|\| =0.99.2-r6 \|\| =0.99.3-r1 \|\| =0.99.3-r2 \|\| =0.99.3-r3 \|\| =0.99.4-r0 \|\| =0.99.4-r1 \|\| >=0 <0.100.1-r0	0.100.1-r0
alpine v3.11	clamav	=0.100.0-r0 \|\| =0.100.0-r1 \|\| =0.100.0-r2 \|\| =0.94.2-r0 \|\| =0.94.2-r1 \|\| =0.94.2-r2 \|\| =0.95.1-r0 \|\| =0.95.1-r1 \|\| =0.95.2-r0 \|\| =0.95.2-r1 \|\| =0.95.3-r0 \|\| =0.95.3-r1 \|\| =0.96-r0 \|\| =0.96.1-r0 \|\| =0.96.2-r0 \|\| =0.96.3-r0 \|\| =0.96.4-r0 \|\| =0.96.5-r0 \|\| =0.97-r0 \|\| =0.97-r1 \|\| =0.97-r2 \|\| =0.97-r3 \|\| =0.97-r4 \|\| =0.97.1-r0 \|\| =0.97.2-r0 \|\| =0.97.3-r0 \|\| =0.97.3-r1 \|\| =0.97.3-r2 \|\| =0.97.3-r3 \|\| =0.97.4-r0 \|\| =0.97.4-r1 \|\| =0.97.4-r2 \|\| =0.97.5-r0 \|\| =0.97.6-r0 \|\| =0.97.6-r1 \|\| =0.97.7-r0 \|\| =0.97.8-r0 \|\| =0.97.8-r1 \|\| =0.97.8-r2 \|\| =0.98-r0 \|\| =0.98-r1 \|\| =0.98.1-r0 \|\| =0.98.1-r1 \|\| =0.98.1-r2 \|\| =0.98.3-r0 \|\| =0.98.4-r0 \|\| =0.98.4-r1 \|\| =0.98.5-r0 \|\| =0.98.6-r0 \|\| =0.98.6-r1 \|\| =0.98.6-r2 \|\| =0.98.7-r0 \|\| =0.98.7-r1 \|\| =0.98.7-r2 \|\| =0.99-r0 \|\| =0.99-r1 \|\| =0.99-r2 \|\| =0.99-r3 \|\| =0.99.1-r0 \|\| =0.99.1-r1 \|\| =0.99.1-r2 \|\| =0.99.2-r0 \|\| =0.99.2-r1 \|\| =0.99.2-r2 \|\| =0.99.2-r3 \|\| =0.99.2-r4 \|\| =0.99.2-r5 \|\| =0.99.2-r6 \|\| =0.99.3-r1 \|\| =0.99.3-r2 \|\| =0.99.3-r3 \|\| =0.99.4-r0 \|\| =0.99.4-r1 \|\| >=0 <0.100.1-r0	0.100.1-r0

1-10 of 18

Aliases

1. CVE-2017-169322. NVD-2017-169323. OSV-2017-169324. OSV-ALPINE-2017-169325. OSV-DEBIAN-2017-169326. GCVE-2017-169327. lists.debian.org8. lists.debian.org9. SECURITY-CVE-2017-1693210. SECURITY-TRACKER-CVE-2017-16932

References

1. https://github.com/sparklemotion/nokogiri/issues/17142. https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd9613. https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html4. https://bugzilla.gnome.org/show_bug.cgi?id=7595795. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml6. https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E7. https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E8. https://usn.ubuntu.com/3739-19. http://xmlsoft.org/news.html