3 matches found
CVE-2026-57438
A flaw was found in Nokogiri, an XML and HTML library for the Ruby programming language. When performing XInclude substitutions, the library prematurely frees memory associated with nodes and namespaces. If an application has exposed these freed objects to Ruby, a local attacker could potentially...
SUSE CVE-2022-29181
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors segfault or reads from unrelated memory. Version 1.13.6...
Out-of-bounds Write
Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Out-of-bounds Write via the zlib dependency which allows memory corruption when deflating if the input has many distant matches. Remediation Upgrade nokogiri to version 1.13.4 or...