CVE-2017-16229

2018-02-2622:29:00

Google

osv.dev

0.001 Low

EPSS

Percentile

28.7%

JSON

In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse.

CPENameOperatorVersion
oxeq1.9.2
oxeq1.8.9
oxeq1.8.6
oxeq2.0.2
oxeq1.6.4
oxeq2.0.9
oxeq2.2.1
oxeq2.4.2
oxeq2.7.0
oxeq2.0.10

Name	Operator	Version
ox	eq	1.9.2
ox	eq	1.8.9
ox	eq	1.8.6
ox	eq	2.0.2
ox	eq	1.6.4
ox	eq	2.0.9
ox	eq	2.2.1
ox	eq	2.4.2
ox	eq	2.7.0
ox	eq	2.0.10

Rows per page:

1-10 of 701

References

github.com/ohler55/ox/issues/195

rubygems.org/gems/ox/versions/2.8.1

0.001 Low

EPSS

Percentile

28.7%

JSON

Related for OSV:CVE-2017-16229