Denial of Service (DoS)

Affecting nokogiri gem, versions <1.8.5

high severity

Overview

nokogiri is an HTML, XML, SAX, and Reader parser. Among Nokogiri's features is the ability to search documents via XPath or CSS3 selectors.

Affected versions of this package are vulnerable to several Denial of Service (DoS) vulnerabilities. Nokogiri bundles the libxml2 library, which is vulnerable in versions through 2.9.6.

CVE-2018-14404

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications that use the libxml2 library to process untrusted XSL format inputs may be vulnerable to a denial of service attack due to a crash of the application.

CVE-2018-14567

If --with-lzma is used, libxml2 allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by an xmllint infinite loop in LZMA decompression.

Remediation

Upgrade nokogiri to version 1.8.5 or higher.
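
One way to check a project's Gemfile.lock against the fixed version named above. This is an added example, not part of the original advisory or of Snyk's tooling; the function names are hypothetical and the sample lockfile is constructed.

```ruby
require "rubygems" # provides Gem::Version

# First nokogiri release the advisory lists as fixed.
FIXED_NOKOGIRI = Gem::Version.new("1.8.5")

# Every nokogiri version resolved in the "specs:" section of a Gemfile.lock.
# Resolved gems are indented four spaces; dependency constraints (six spaces,
# e.g. "nokogiri (>= 1.5.9)") are skipped. A platform suffix such as "-java"
# or "-x86-mingw32" is split off before the version is parsed.
def locked_nokogiri_versions(lockfile_text)
  lockfile_text.each_line.map do |line|
    m = line.match(/\A {4}nokogiri \(([^)\s-]+)(?:-[^)]+)?\)\s*\z/)
    Gem::Version.new(m[1]) if m && Gem::Version.correct?(m[1])
  end.compact
end

# Locked versions that fall in the affected range (< 1.8.5), as strings.
def affected_nokogiri_versions(lockfile_text)
  locked_nokogiri_versions(lockfile_text)
    .select { |v| v < FIXED_NOKOGIRI }.map(&:to_s).uniq
end

# Constructed sample lockfile, used when no path is given on the command line.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.2.2)
        crass (~> 1.0.2)
        nokogiri (>= 1.5.9)
      mini_portile2 (2.3.0)
      nokogiri (1.8.4)
        mini_portile2 (~> 2.3.0)
      nokogiri (1.8.4-x86-mingw32)
        mini_portile2 (~> 2.3.0)

  PLATFORMS
    ruby
    x86-mingw32
LOCK

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  bad = affected_nokogiri_versions(text)
  puts bad.empty? ? "nokogiri: no locked version below #{FIXED_NOKOGIRI}" :
                    "nokogiri: affected locked version(s) #{bad.join(', ')}"
  exit 1 if ARGV[0] && bad.any? # non-zero exit for CI when a real file is checked
end
```

Pass the path to a Gemfile.lock as the first argument to check a real project; with no argument the script reports on the constructed sample.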

Credit: Unknown
CVE: CVE-2018-14404
CWE: CWE-476
Snyk ID: SNYK-RUBY-NOKOGIRI-72433
Disclosed: 05 Oct, 2018
Published: 10 Oct, 2018