Veracode Vulnerability Database, VERACODE:4240
History: May 17, 2017 - 6:00 a.m.

Multiple Stack Overflows Through Embedded C Dependency

2017-05-17 06:00:22
sca.analysiscenter.veracode.com

EPSS: 0.003 (percentile: 69.1%)

nokogiri has a copied version of the Libxml2 library. Libxml2 is susceptible to 2 stack overflow vulnerabilities.

The first is CVE-2017-9047. The function xmlSnprintfElementContent in valid.c does not recursively dump the element content definition into a char buffer buf of size size. When the content->prefix is appended to buf, the content->name is written to the buffer. It checks whether the name will fit into the buffer; however, it uses the len variable as the buffer length rather than the length of the concatenated buffer, strlen(buf). This only happens when content->type is XML_ELEMENT_CONTENT_ELEMENT. Failing to do this check correctly allows attackers to write extra bytes beyond the allocated memory.

The second is CVE-2017-9048. At the end of the function xmlSnprintfElementContent in valid.c, Libxml2 doesn't check that strlen(buf) + 2 < size, which allows the function to strcat 2 more characters.
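A simplified model of the stale-length check described above, beside a corrected form that re-measures the buffer before each append. This is an added example, not libxml2's or nokogiri's code; the function names, buffer sizes, sample strings and fit margins are constructed for illustration, and the backing array is deliberately larger than the declared size so the overrun can be observed without corrupting memory.

```c
#include <stdio.h>
#include <string.h>

#define DECLARED 16   /* the "size" the caller claims for buf (constructed) */
#define BACKING  64   /* real storage, larger so the demo overrun stays in bounds */

/* Flawed pattern: len is captured once and reused after buf has grown. */
static size_t append_stale(char *buf, size_t size, const char *prefix, const char *name) {
    size_t len = strlen(buf);
    if (size - len < strlen(prefix) + 2) return strlen(buf);
    strcat(buf, prefix);
    strcat(buf, ":");
    if (size - len < strlen(name) + 1) return strlen(buf);  /* len is stale here */
    strcat(buf, name);
    return strlen(buf);
}

/* Corrected pattern: measure the current string before every append. */
static int fits(const char *buf, size_t size, size_t extra) {
    return strlen(buf) + extra < size;
}

static size_t append_checked(char *buf, size_t size, const char *prefix, const char *name) {
    if (!fits(buf, size, strlen(prefix) + 1)) return strlen(buf);
    strcat(buf, prefix);
    strcat(buf, ":");
    if (fits(buf, size, strlen(name))) strcat(buf, name);
    /* Same rule for two trailing characters: strlen(buf) + 2 < size. */
    if (fits(buf, size, 2)) strcat(buf, ")*");   /* constructed trailer */
    return strlen(buf);
}

/* Runs one variant on constructed input and returns the resulting strlen. */
static size_t run(int checked) {
    char backing[BACKING] = "(";
    return checked ? append_checked(backing, DECLARED, "abcdefgh", "ijklmnopqr")
                   : append_stale(backing, DECLARED, "abcdefgh", "ijklmnopqr");
}

int main(void) {
    printf("stale check: %zu bytes (with NUL) in a %d-byte buffer\n", run(0) + 1, DECLARED);
    printf("fresh check: %zu bytes (with NUL) in a %d-byte buffer\n", run(1) + 1, DECLARED);
    return 0;
}
```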

CPE
Name      Operator  Version
nokogiri  le        1.8.0