GHSA-pf6m-fxpq-fg8v
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pf6m-fxpq-fg8v
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-pf6m-fxpq-fg8v/GHSA-pf6m-fxpq-fg8v.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-pf6m-fxpq-fg8v
- Aliases
- Published
- 2018-07-31T18:21:29Z
- Modified
- 2023-11-01T05:42:30.761744Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Nokogiri implementation of libxslt lacks integer overflow checks
- Details
-
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Nokogiri prior to 1.7.2, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
- Database specific
{ "nvd_published_at": "2017-04-24T23:59:00Z", "cwe_ids": [ "CWE-787" ], "severity": "HIGH", "github_reviewed_at": "2020-06-16T21:48:58Z", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-5029
- https://github.com/sparklemotion/nokogiri/issues/1634
- https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
- https://github.com/advisories/GHSA-pf6m-fxpq-fg8v
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-5029.yml
- https://github.com/sparklemotion/nokogiri
- https://ubuntu.com/security/CVE-2017-5029
- https://ubuntu.com/security/notices/USN-3271-1
Affected packages
RubyGems / nokogiri
Package
- Name
- nokogiri
- Purl
- pkg:gem/nokogiri
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.7.2
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.1.0
1.1.1
1.2.0
1.2.1
1.2.2
1.2.3
1.3.0
1.3.1
1.3.2
1.3.3
1.4.0
1.4.1
1.4.2
1.4.2.1
1.4.3
1.4.3.1
1.4.4
1.4.4.1
1.4.4.2
1.4.5
1.4.6
1.4.7
1.5.0.beta.1
1.5.0.beta.2
1.5.0.beta.3
1.5.0.beta.4
1.5.0
1.5.1.rc1
1.5.1
1.5.2
1.5.3.rc2
1.5.3.rc3
1.5.3.rc4
1.5.3.rc5
1.5.3.rc6
1.5.3
1.5.4.rc1
1.5.4.rc2
1.5.4.rc3
1.5.4
1.5.5.rc1
1.5.5.rc2
1.5.5.rc3
1.5.5
1.5.6.rc1
1.5.6.rc2
1.5.6.rc3
1.5.6
1.5.7.rc1
1.5.7.rc2
1.5.7.rc3
1.5.7
1.5.8
1.5.9
1.5.10
1.5.11
1.6.0.rc1
1.6.0
1.6.1
1.6.2.rc1
1.6.2.rc2
1.6.2.rc3
1.6.2
1.6.2.1
1.6.3.rc1
1.6.3.rc2
1.6.3.rc3
1.6.3
1.6.3.1
1.6.4
1.6.4.1
1.6.5
1.6.6.1
1.6.6.2
1.6.6.3
1.6.6.4
1.6.7.rc2
1.6.7.rc3
1.6.7.rc4
1.6.7
1.6.7.1
1.6.7.2
1.6.8.rc1
1.6.8.rc2
1.6.8.rc3
1.6.8
1.6.8.1
1.7.0
1.7.0.1
1.7.1