In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse.
References
Link | Resource |
---|---|
https://github.com/ohler55/ox/issues/195 | Exploit Third Party Advisory |
https://rubygems.org/gems/ox/versions/2.8.1 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2018-02-26 22:29
Updated : 2024-02-28 16:25
NVD link : CVE-2017-16229
Mitre link : CVE-2017-16229
CVE.ORG link : CVE-2017-16229
JSON object : View
Products Affected
ox_project
- ox
CWE
CWE-125
Out-of-bounds Read