Fluid Attacks Database

Description

Denial of service or RCE from libxml2 and libxslt Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote code execution attacks.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rubygems	nokogiri	>=1.6.0 <1.6.8	1.6.8
debian 12	libxml2	>=0 <2.9.3+dfsg1-1.1	2.9.3+dfsg1-1.1
debian 13	libxml2	>=0 <2.9.3+dfsg1-1.1	2.9.3+dfsg1-1.1
nuget	libxml2	>=0 <2.9.4	-
debian 14	libxml2	>=0 <2.9.3+dfsg1-1.1	2.9.3+dfsg1-1.1
debian 11	libxml2	>=0 <2.9.3+dfsg1-1.1	2.9.3+dfsg1-1.1

Aliases

1. CVE-2015-88062. NVD-2015-88063. OSV-2015-88064. OSV-DEBIAN-2015-88065. GCVE-2015-88066. security.gentoo.org7. SECURITY-TRACKER-CVE-2015-8806

References

1. https://github.com/sparklemotion/nokogiri/issues/14732. https://bugzilla.gnome.org/show_bug.cgi?id=7491153. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-8806.yml4. https://web.archive.org/web/20160928171015/http://www.securityfocus.com/bid/820715. https://www.debian.org/security/2016/dsa-35936. http://www.openwall.com/lists/oss-security/2016/02/03/57. http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html8. http://www.ubuntu.com/usn/USN-2994-1