In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse.
References
Link | Resource |
---|---|
https://github.com/ohler55/ox/issues/195 | Exploit Third Party Advisory |
https://rubygems.org/gems/ox/versions/2.8.1 | Third Party Advisory |
https://github.com/ohler55/ox/issues/195 | Exploit Third Party Advisory |
https://rubygems.org/gems/ox/versions/2.8.1 | Third Party Advisory |
Configurations
History
21 Nov 2024, 03:16
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/ohler55/ox/issues/195 - Exploit, Third Party Advisory | |
References | () https://rubygems.org/gems/ox/versions/2.8.1 - Third Party Advisory |
Information
Published : 2018-02-26 22:29
Updated : 2024-11-21 03:16
NVD link : CVE-2017-16229
Mitre link : CVE-2017-16229
CVE.ORG link : CVE-2017-16229
JSON object : View
Products Affected
ox_project
- ox
CWE
CWE-125
Out-of-bounds Read