Lucene search
Veracode Vulnerability DatabaseVERACODE:4242HistoryMay 17, 2017 - 6:35 a.m.
Heap-based Buffer Overflow Through Embedded C Dependency
2017-05-1706:35:24
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
0.002 Low
EPSS
Percentile
62.0%
nokogiri has a copied version of the libxml2 library. The copy that nokogiri includes is vulnerable to heap-based buffer overflow due to an incomplete fix for CVE-2016-1839. The buffer overflow is caused due to a flaw in the xmlDictAddString function in dict.c. This vulnerability in libxml2 is referred to as CVE-2017-9050.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nokogiri | le | 1.8.0 | |
| libxml2.so | le | 2.7.6 |
References
www.debian.org/security/2017/dsa-3952
www.openwall.com/lists/oss-security/2017/05/15/1
www.securityfocus.com/bid/98568
bugzilla.gnome.org/show_bug.cgi?id=758605
bugzilla.novell.com/show_bug.cgi?id=1039069
github.com/sparklemotion/nokogiri/issues/1673
lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
security.gentoo.org/glsa/201711-01
www.sourceclear.com/registry/security/heap-based-buffer-overflow/ruby/sid-4243
Related
nvd
nvd
CVE-2017-9050
2017-05-18 06:29:00
CVE-2016-1839
2016-05-20 10:59:53
osv
osv
Out-of-bounds read in nokogiri
2017-12-13 21:38:24
libxml2 - security update
2017-06-30 00:00:00
libxml2 - security update
2017-08-23 00:00:00
prion
prion
Heap overflow
2017-05-18 06:29:00
Heap overflow
2016-05-20 10:59:00
cvelist
cvelist
CVE-2017-9050
2017-05-18 06:13:00
CVE-2016-1839
2016-05-20 10:00:00
cve
cve
CVE-2017-9050
2017-05-18 06:29:00
CVE-2016-1839
2016-05-20 10:59:53
redhatcve
redhatcve
CVE-2017-9050
2017-05-19 08:26:34
CVE-2016-1839
2016-07-18 14:20:04
github
github
Out-of-bounds read in nokogiri
2017-12-13 21:38:24
debiancve
debiancve
CVE-2017-9050
2017-05-18 06:29:00
CVE-2016-1839
2016-05-20 10:59:53
ubuntucve
ubuntucve
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:1454-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1268)
2020-03-19 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-2211)
2020-01-23 00:00:00
nessus
nessus
openSUSE Security Update : libxml2 (openSUSE-2017-663)
2017-06-09 00:00:00
SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1454-1)
2017-05-31 00:00:00
F5 Networks BIG-IP : libxml2 vulnerability (K26422113)
2016-12-20 00:00:00
veracode
veracode
Heap-based Buffer Overflow Through Embedded C Dependency
2017-05-17 06:47:14
Denial Of Service (DoS)
2018-05-14 07:48:10
Vulnerability Through C Libraries
2017-11-01 05:30:33
zdt
zdt
libxml2 - xmlDictAddString Heap Based Buffer Overread
2016-02-24 00:00:00
f5
f5
K26422113 : libxml2 vulnerability CVE-2016-1839
2016-12-07 00:00:00
freebsd
freebsd
libxml2 -- Multiple Issues
2017-05-10 00:00:00
libxml2 -- multiple vulnerabilities
2016-05-23 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in libxml2 affect IBM Flex System Networking Switch Products
2019-01-31 02:25:02
Security Bulletin: Vulnerabilities in libxml2 affect IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter
2023-04-14 14:32:25
Security Bulletin: Vulnerabilities in libxml2 affect IBM RackSwitch Products
2019-01-31 02:25:02
debian
debian
[SECURITY] [DLA 1008-1] libxml2 security update
2017-06-30 20:47:21
[SECURITY] [DSA 3952-1] libxml2 security update
2017-08-23 04:54:22
[SECURITY] [DSA 3952-1] libxml2 security update
2017-08-23 04:54:22
cloudfoundry
cloudfoundry
USN-3424-1: libxml2 vulnerabilities | Cloud Foundry
2017-11-01 00:00:00
USN-2994-1 libxml2 vulnerabilities | Cloud Foundry
2016-06-13 00:00:00
ubuntu
ubuntu
libxml2 vulnerabilities
2017-09-19 00:00:00
libxml2 vulnerabilities
2017-10-10 00:00:00
libxml2 vulnerabilities
2016-06-06 00:00:00
photon
photon
altlinux
altlinux
rubygems
rubygems
Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
2017-09-18 21:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2017-11-10 00:00:00
libxml2: Multiple vulnerabilities
2017-01-16 00:00:00
archlinux
archlinux
libxml2: multiple issues
2016-05-26 00:00:00
suse
suse
Security update for libxml2 (important)
2016-06-16 13:08:21
Security update for libxml2 (important)
2016-06-17 15:08:25
Security update for libxml2 (important)
2016-06-09 18:07:56
mageia
mageia
Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities
2018-01-03 18:50:51
Updated libxml2 packages fix security vulnerability
2016-07-27 00:59:16
oraclelinux
oraclelinux
libxml2 security update
2016-06-23 00:00:00
centos
centos
libxml2 security update
2016-06-23 15:28:21
redhat
redhat
(RHSA-2016:1292) Important: libxml2 security update
2016-06-23 08:21:08
amazon
amazon
Important: libxml2
2016-07-14 16:30:00
fedora
fedora
[SECURITY] Fedora 25 Update: libxml2-2.9.4-2.fc25
2017-04-19 09:32:17
[SECURITY] Fedora 24 Update: libxml2-2.9.4-2.fc24
2017-04-19 07:53:28
symantec
symantec
SA129 : Multiple libxml2 Vulnerabilities
2016-09-01 08:00:00
apple
apple
About the security content of watchOS 2.2.1
2016-05-16 00:00:00
About the security content of iTunes 12.7 for Windows - Apple Support
2018-10-18 05:03:03
About the security content of iTunes 12.7 for Windows
2017-09-12 00:00:00