
12 matches found

NVD
added 8 hours ago, 4 views

CVE-2026-57235

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then...

6.3 CVSS
Exploits: 0, References: 1
CVE
added 9 hours ago, 6 views

CVE-2026-57235

Nokogiri (Ruby) prior to 1.19.4 is affected by an out-of-bounds read in Nokogiri::XML::NodeSet#[] (and #slice) caused by checking the index with a 32-bit-truncated copy. A large negative index could pass the check and be used at full width, reading outside the node set’s storage. On CRuby this re...

6.3 CVSS, 5.9 AI score
Exploits: 0, References: 1
Cvelist
added 9 hours ago, 7 views

CVE-2026-57235 Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then...

6.3 CVSS
Exploits: 0, References: 1
EUVD
added 9 hours ago, 4 views

EUVD-2026-39422

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then...

6.3 CVSS, 5.9 AI score
Exploits: 0, References: 1
OSV
added 6 days ago, 4 views

GHSA-5PRR-V3J2-97MH Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`

Summary: Nokogiri::XML::NodeSet#[] and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an...

6.3 CVSS, 5.9 AI score
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/14 12:0 a.m., 4 views

Fedora 41 : open62541 (2025-2b2997564c)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-2b2997564c advisory. Changes in v1.4.13: server: Cover edge-case in the EventFilter validation; client: Cover edge-case in the UserTokenPolicy validation; arch: Process delayed...

5.6 AI score
Exploits: 0, References: 1
CNNVD
added 2022/03/21 12:0 a.m., 3 views

UA-Nodeset code issue vulnerability

UA-Nodeset is a UA node set from the OPC Foundation of America. A code issue vulnerability exists in OPC UA-Nodeset version 1.05.01-2022-02-24 and all previous versions, which stems from the automatically generated ANSI C heap store not handling all error cases...

6.5 CVSS, 6.6 AI score, 0.01395 EPSS
Exploits: 1, References: 8
ATTACKERKB
added 2013/09/30 9:55 p.m., 5 views

CVE-2013-5651

The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune...

5 CVSS, 5.5 AI score, 0.02258 EPSS
Exploits: 1, References: 10
UbuntuCve
added 2013/08/30 12:0 a.m., 27 views

CVE-2013-5651

The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune...

5 CVSS, 7.2 AI score, 0.02258 EPSS
Exploits: 1, References: 2
RedHat Linux
added 2013/01/31 7:14 p.m., 2 views

libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when addi...

9.3 CVSS, 7.3 AI score, 0.13727 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2011/12/05 7:54 p.m., 6 views

libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when addi...

9.3 CVSS, 7.3 AI score, 0.13727 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2011/07/05 12:0 a.m., 29 views

Fedora 14 : libxml-1.8.17-27.fc14 (2011-7856)

This update addresses CVE-2011-1944 heap-based buffer overflow by adding a new namespace node to an existing nodeset or merging nodesets. It is described in detail at http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html It also fixes the broken xpath...

9.3 CVSS, 7.8 AI score, 0.13727 EPSS
Exploits: 1, References: 4