CVE-2015-5312: Nokogiri gem contains several vulnerabilities in libxml2 #173

Closed
thesp0nge opened this issue Jan 7, 2016 · 0 comments

@thesp0nge (Owner)

https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s

UNAFFECTED VERSIONS: < 1.6.0
PATCHED VERSIONS: >= 1.6.7.1

DESCRIPTION

Nokogiri version 1.6.7.1 has been released, pulling in several upstream patches to the vendored libxml2 to address the following CVEs:

CVE-2015-5312, CVSS v2 Base Score: 7.1 (HIGH)
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

CVE-2015-7497, CVSS v2 Base Score: 5.0 (MEDIUM)
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.

CVE-2015-7498, CVSS v2 Base Score: 5.0 (MEDIUM)
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

CVE-2015-7499, CVSS v2 Base Score: 5.0 (MEDIUM)
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

CVE-2015-7500, CVSS v2 Base Score: 5.0 (MEDIUM)
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

CVE-2015-8241, CVSS v2 Base Score: 6.4 (MEDIUM)
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

CVE-2015-8242, CVSS v2 Base Score: 5.8 (MEDIUM)
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

CVE-2015-8317, CVSS v2 Base Score: 5.0 (MEDIUM)
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.

@thesp0nge thesp0nge added this to the v1-5-5 milestone Jan 7, 2016
@thesp0nge thesp0nge modified the milestones: v1-5-5, v1-5-3 Jan 26, 2016
thesp0nge added a commit that referenced this issue Feb 2, 2016
…during comparison the beta number must be discarded.

* BUGFIX in is_vulnerable_beta? handling situation when either safe version or detected version doesn't have the beta number
* BUGFIX in is_vulnerable_rc? handling situation when either safe version or detected version doesn't have the rc number
* BUGFIX in is_vulnerable_pre? handling situation when either safe version or detected version doesn't have the pre number
* Issue #173 handles a lot of CVE about nokogiri:
        - CVE-2015-5312: DoS in xmlStringLenDecodeEntities()
thesp0nge added a commit that referenced this issue Feb 2, 2016
thesp0nge added a commit that referenced this issue Feb 2, 2016
thesp0nge added a commit that referenced this issue Feb 2, 2016
  - CVE-2015-7499: In memory information disclosure due to heap-based buffer overflow in the xmlGROW()
thesp0nge added a commit that referenced this issue Feb 2, 2016
thesp0nge added a commit that referenced this issue Feb 2, 2016
…l version embedded on it:

  - CVE-2015-8241: Information disclosure and DoS in xmlNextChar()
thesp0nge added a commit that referenced this issue Feb 2, 2016
…l version embedded on it:

  - CVE-2015-8242: Information disclosure and DoS in xmlSAX2TextNode()
thesp0nge added a commit that referenced this issue Feb 2, 2016
…l version embedded on it:

  - CVE-2015-8317: Information disclosure in xmlParseXMLDecl()
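The advisory above gives the version boundaries (unaffected below 1.6.0, patched from 1.6.7.1), and the commit messages note that a detected version may carry a beta/rc/pre tag that the safe version lacks. The following is an added example, not the project's own is_vulnerable_beta?/rc?/pre? code: it classifies a detected Nokogiri version against those boundaries and relies on Gem::Version (which ships with Ruby) for prerelease ordering; the sample version list is constructed.

```ruby
require 'rubygems' # Gem::Version is part of RubyGems, bundled with Ruby

# Version boundaries exactly as stated in the ruby-security-ann advisory
# quoted in this issue: < 1.6.0 unaffected, >= 1.6.7.1 patched.
UNAFFECTED_BELOW = Gem::Version.new('1.6.0')
PATCHED_FROM     = Gem::Version.new('1.6.7.1')

# Classify one detected Nokogiri version string.
# Gem::Version orders a prerelease tag (beta, rc, pre) before the final
# release with the same numbers, so '1.6.7.1.rc1' is still :vulnerable
# while '1.6.7.1' is :patched; a hyphenated tag such as '1.6.7.1-rc1'
# is treated the same way. A malformed string (e.g. a garbled
# Gemfile.lock entry) yields :unknown instead of being silently
# counted as safe.
def nokogiri_status(detected)
  v = Gem::Version.new(detected.to_s.strip)
  return :unaffected if v < UNAFFECTED_BELOW
  return :patched    if v >= PATCHED_FROM
  :vulnerable
rescue ArgumentError
  :unknown
end

# Run the check over every version found in a dependency manifest and
# return {version => status} for a scanner to report or fail the build on.
def scan_versions(versions)
  versions.each_with_object({}) { |ver, out| out[ver] = nokogiri_status(ver) }
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample input (not taken from the advisory).
  sample = ['1.5.11', '1.6.0', '1.6.6.4', '1.6.7.1.rc1', '1.6.7.1', '1.7.0', 'banana']
  scan_versions(sample).each { |ver, status| puts "#{ver.ljust(12)} #{status}" }
end
```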