CVE-2025-58767

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-58767

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-58767.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-58767

Aliases

GHSA-c2f4-jgmc-q2r5

Downstream

BELL-CVE-2025-58767

DEBIAN-CVE-2025-58767

MINI-32f4-q38f-265p

MINI-5f99-r283-2wqp

MINI-5h4w-q34g-h7xr

MINI-6g55-h792-9q8v

MINI-6j48-8p6h-vrc3

MINI-899g-gjvg-6v3r

MINI-9m43-p63c-cq92

MINI-c45x-3vgw-5c9v

MINI-h2xp-95vc-wm58

MINI-j2vw-xgpx-r8c7

MINI-m86r-qphm-hjq2

MINI-mcmw-6hhq-fqj2

MINI-mcq5-4qg9-w4cg

MINI-qhrq-67q2-75xg

MINI-qrgc-hv33-22vq

MINI-rc45-4v34-5mgr

MINI-w4c2-mq72-v5cx

UBUNTU-CVE-2025-58767

Related

Published

2025-09-17T17:45:58Z

Modified

2025-10-18T06:53:56.994190Z

Severity

1.2 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U CVSS Calculator

Summary

REXML has a DoS condition when parsing malformed XML file

Details

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these vulnerabilities.

References

Affected packages

Git / github.com/ruby/rexml

Affected ranges

Type: GIT
Repo: https://github.com/ruby/rexml
Events: Introduced

e4a067e11235a2ec7a00616d41350485e384ec05

Fixed

f36916fe1c66b8cdc1fe482263115625e084d8fe

Affected versions

v3.*

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

v3.4.0

v3.4.1