GitHub Advisory DatabaseGHSA-X2FM-93WW-GGVXNokogiri gem, via libxml, is affected by DoS vulnerabilities
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.011 Low
EPSS
Percentile
84.3%
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
References
xmlsoft.org/news.html
blog.clamav.net/2018/07/clamav-01001-has-been-released.html
bugzilla.gnome.org/show_bug.cgi?id=759579
github.com/advisories/GHSA-x2fm-93ww-ggvx
github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml
github.com/sparklemotion/nokogiri/issues/1714
lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
lists.debian.org/debian-lts-announce/2017/11/msg00041.html
lists.debian.org/debian-lts-announce/2022/04/msg00004.html
nvd.nist.gov/vuln/detail/CVE-2017-16932
usn.ubuntu.com/3739-1/
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.011 Low
EPSS
Percentile
84.3%