MEDIUM
GHSA-jxjr-5h69-qw3w
Heap-based buffer overflow in nokogiri
Details
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash the application.
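The advisory gives the affected range as libxml2 before 2.9.3. The Ruby below is an added example (not code from the advisory, GitHub, or the Nokogiri project) of how a defender can turn that range into a repeatable check: it evaluates an upstream libxml2 version string against the fix version and, where Nokogiri is installed, inspects the libxml2 the gem has actually loaded. It assumes `Nokogiri::VERSION_INFO["libxml"]["loaded"]` holds the runtime libxml2 version; the fix version 2.9.3 is taken from the advisory text.

```ruby
# Added example: evaluate a libxml2 version against the fix version stated in the
# advisory (2.9.3) and, when Nokogiri is loadable, check the libxml2 it loaded.
# Not code from the advisory or from Nokogiri itself.
require "rubygems" # Gem::Version does proper segment-wise comparison (2.9.10 > 2.9.3)

FIXED_LIBXML2 = Gem::Version.new("2.9.3") # first version the advisory says is not affected

# Accept only a plain upstream X.Y.Z string. Distribution package strings such as
# "2.9.1-5ubuntu4" often carry a backported fix, so version alone cannot decide them;
# they are rejected with an error rather than silently judged.
def libxml2_affected?(version)
  m = /\A(\d+\.\d+\.\d+)\z/.match(version.to_s.strip)
  raise ArgumentError, "expected upstream X.Y.Z version, got #{version.inspect}" unless m
  Gem::Version.new(m[1]) < FIXED_LIBXML2
end

# Look at the running Nokogiri, if present. Assumption: VERSION_INFO["libxml"]["loaded"]
# names the libxml2 version loaded at runtime (the "compiled" value can differ when the
# gem is built against a system libxml2, which is why "loaded" is the one that matters).
def loaded_libxml2_status
  require "nokogiri"
  loaded = Nokogiri::VERSION_INFO.dig("libxml", "loaded")
  return { version: nil, affected: nil, note: "VERSION_INFO has no libxml/loaded key" } if loaded.nil?
  { version: loaded, affected: libxml2_affected?(loaded) }
rescue LoadError
  nil # Nokogiri is not installed in this Ruby; nothing to assess
rescue ArgumentError => e
  { version: loaded, affected: nil, note: e.message }
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample versions for illustration.
  %w[2.9.2 2.9.3 2.9.10].each do |v|
    puts "libxml2 #{v}: #{libxml2_affected?(v) ? 'affected' : 'not affected'}"
  end
  status = loaded_libxml2_status
  puts(status ? "loaded libxml2: #{status.inspect}" : "nokogiri not installed")
end
```

The version check is only a first pass: a vendor build that backports the upstream commits listed in the references can report a version below 2.9.3 and still be fixed, which is why the check refuses to judge distribution-style version strings and leaves those to the vendor's own advisory (the RHSA, DSA, USN and GLSA entries below).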
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2015-7499 [ADVISORY]
- https://bugzilla.redhat.com/show_bug.cgi?id=1281925 [WEB]
- https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc [WEB]
- https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da [WEB]
- https://github.com/advisories/GHSA-jxjr-5h69-qw3w [ADVISORY]
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.yml [WEB]
- https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM [WEB]
- https://security.gentoo.org/glsa/201701-37 [WEB]
- https://web.archive.org/web/20210724022841/http://www.securityfocus.com/bid/79509 [WEB]
- https://web.archive.org/web/20211205133229/https://securitytracker.com/id/1034243 [WEB]
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html [WEB]
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html [WEB]
- http://rhn.redhat.com/errata/RHSA-2015-2549.html [WEB]
- http://rhn.redhat.com/errata/RHSA-2015-2550.html [WEB]
- http://www.debian.org/security/2015/dsa-3430 [WEB]
- http://www.ubuntu.com/usn/USN-2834-1 [WEB]
- http://xmlsoft.org/news.html [WEB]