Uncontrolled Memory Allocation

Affecting nokogiri gem, versions <1.10.5

Report new vulnerabilities
Do your applications use this vulnerable package? Test your applications

Overview

nokogiri is a gem for parsing HTML, XML, SAX, and Reader.

Affected versions of this package are vulnerable to Uncontrolled Memory Allocation. Nokogiri bundles the libxslt C library, that has been recently discovered to have vulnerabilities.

CVE-2019-13117 In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

CVE-2019-13118 In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data

CVE-2019-18197 In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.

Remediation

Upgrade nokogiri to version 1.10.5 or higher.

References

CVSS Score

8.9
high severity
  • Attack Vector
    Network
  • Attack Complexity
    High
  • Privileges Required
    None
  • User Interaction
    None
  • Scope
    Changed
  • Confidentiality
    High
  • Integrity
    High
  • Availability
    Low
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
Credit
Unknown
CWE
CWE-789
Snyk ID
SNYK-RUBY-NOKOGIRI-534637
Disclosed
17 Nov, 2019
Published
19 Nov, 2019