HIGH 7.5

GHSA-8c56-cpmw-89x7

Out-of-bounds read in nokogiri

상세

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. GitHub is notifying on nokogiri as uses libxml2.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

RubyGems / nokogiri

최초 영향 버전: 0 수정 버전: 1.8.1

수정 bundle update nokogiri

참고

https://nvd.nist.gov/vuln/detail/CVE-2017-9050 [ADVISORY]
https://security.gentoo.org/glsa/201711-01 [WEB]
http://www.debian.org/security/2017/dsa-3952 [WEB]
http://www.openwall.com/lists/oss-security/2017/05/15/1 [WEB]