Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2017-16229

UNKNOWN
Published 2018-02-26T22:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-16229. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Ox gem stack overflow in sax_parse

GHSA-wfwm-chj7-w59r

Advisory Details

In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the `read_from_str` function in `sax_buf.c` when a crafted input is supplied to `sax_parse`.

Affected Packages

RubyGems ox
ECOSYSTEM: ≥0 <2.8.2

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-16229
WEB https://github.com/ohler55/ox/issues/195
PACKAGE https://github.com/ohler55/ox
WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ox/CVE-2017-16229.yml
WEB https://rubygems.org/gems/ox/versions/2.8.1

Advisory provided by GitHub Security Advisory Database. Published: March 5, 2018, Modified: August 29, 2023

References

https://rubygems.org/gems/ox/versions/2.8.1
https://github.com/ohler55/ox/issues/195
Published: 2018-02-26T22:00:00
Last Modified: 2024-08-05T20:20:05.223Z
Copied to clipboard!