CVE-2017-9050

Out-of-bounds read in nokogiri

Description

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. GitHub is notifying on nokogiri as uses libxml2.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

Severity

Ecosystem

RPM

Publish Date

December 13, 2017

Modified Date

November 7, 2023

Score Vector

Affected Versions