CVE-2016-4658.yml
---
gem: nokogiri
cve: 2016-4658
ghsa: fr52-4hqw-p27f
url: https://github.com/sparklemotion/nokogiri/issues/1615
title: Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
date: 2017-03-11
description: |
  Nokogiri version 1.7.1 has been released, pulling in several upstream
  patches to the vendored libxml2 to address the following CVEs:

  CVE-2016-4658
  CVSS v3 Base Score: 9.8 (Critical)
  libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and
  watchOS before 3 allows remote attackers to execute arbitrary code or cause
  a denial of service (memory corruption) via a crafted XML document.

  CVE-2016-5131
  CVSS v3 Base Score: 8.8 (HIGH)
  Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google
  Chrome before 52.0.2743.82, allows remote attackers to cause a denial of
  service or possibly have unspecified other impact via vectors related to
  the XPointer range-to function.
cvss_v2: 10.0
cvss_v3: 9.8
patched_versions:
  - ">= 1.7.1"
related:
  cve:
    - 2016-5131
  url:
    - https://github.com/sparklemotion/nokogiri/issues/1615