Lucene search

K
githubGitHub Advisory DatabaseGHSA-JXJR-5H69-QW3W
HistorySep 17, 2018 - 9:57 p.m.

Heap-based buffer overflow in nokogiri

2018-09-1721:57:38
CWE-119
GitHub Advisory Database
github.com
18

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.002

Percentile

64.9%

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash the application.

Affected configurations

Vulners
Node
nokogirinokogiriRange1.6.7.1
CPENameOperatorVersion
nokogirile1.6.7.1

References

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.002

Percentile

64.9%