CRITICAL 9.8

GHSA-fr52-4hqw-p27f

Nokogiri does not forbid namespace nodes in XPointer ranges

Details

xpointer.c in libxml2 before 2.9.5 (as used in nokogiri before 1.7.1 amongst other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.

Affected packages

RubyGems / nokogiri
Introduced in: 0
Fixed in: 1.7.1
Fix: bundle update nokogiri
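
One way to check a project against the versions above, as an added example that is not part of the advisory: it reads the resolved nokogiri versions out of Gemfile.lock text and flags any below 1.7.1. The function names and the sample lockfile are constructed for illustration, and treating the libxml2 2.9.5 threshold as relevant only to builds linked against a separately installed libxml2 is an assumption.

```ruby
require "rubygems" # provides Gem::Version for numeric version comparison

NOKOGIRI_FIXED = Gem::Version.new("1.7.1") # "Fixed in" value from the advisory
LIBXML2_FIXED  = Gem::Version.new("2.9.5") # libxml2 threshold from the advisory text

# Resolved spec lines sit at four spaces of indent, e.g. "    nokogiri (1.6.8.1)"
# or "    nokogiri (1.6.8.1-x86-mingw32)". Constraint lines such as
# "      nokogiri (>= 1.5.9)" are deeper and start with an operator, so they are skipped.
SPEC_LINE = /^ {4}nokogiri \((\d[0-9A-Za-z.]*)(?:-[^)]+)?\)$/

# Hypothetical helper: every distinct nokogiri version resolved in the lockfile.
def locked_nokogiri_versions(lockfile_text)
  lockfile_text.scan(SPEC_LINE).flatten.uniq
end

# Hypothetical helper: the resolved versions that fall below the fixed release.
# Gem::Version compares segments numerically, so "1.10.0" is not below "1.7.1".
def affected_nokogiri_versions(lockfile_text)
  locked_nokogiri_versions(lockfile_text).select { |v| Gem::Version.new(v) < NOKOGIRI_FIXED }
end

# Assumption: only meaningful when nokogiri was built against a system libxml2.
def libxml2_affected?(version)
  Gem::Version.new(version) < LIBXML2_FIXED
end

# Constructed sample input, not taken from a real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.0.3)
        nokogiri (>= 1.5.9)
      mini_portile2 (2.1.0)
      nokogiri (1.6.8.1)
        mini_portile2 (~> 2.1.0)
      nokogiri (1.6.8.1-x86-mingw32)
        mini_portile2 (~> 2.1.0)

  DEPENDENCIES
    nokogiri
LOCK

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  hits = affected_nokogiri_versions(text)
  puts hits.empty? ? "nokogiri: no affected version locked" : "nokogiri affected: #{hits.join(', ')}"
end
```

Pass the path to a Gemfile.lock as the first argument to check a real project; with no argument the constructed sample is used.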

References