Описание
Denial of service or RCE from libxml2 and libxslt
Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote code execution attacks.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-8806
- https://github.com/sparklemotion/nokogiri/issues/1473
- https://bugzilla.gnome.org/show_bug.cgi?id=749115
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-8806.yml
- https://security.gentoo.org/glsa/201701-37
- https://web.archive.org/web/20160928171015/http://www.securityfocus.com/bid/82071
- https://www.debian.org/security/2016/dsa-3593
- http://www.openwall.com/lists/oss-security/2016/02/03/5
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.ubuntu.com/usn/USN-2994-1
Пакеты
nokogiri
>= 1.6.0, < 1.6.8
1.6.8
Связанные уязвимости
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
dict.c in libxml2 allows remote attackers to cause a denial of service ...
Уязвимость библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании