oss-sec mailing list archives
CVE Request: rubygem-nokogiri Multiple DoS vulnerabilities
From: Ratul Gupta <ratulg () redhat com>
Date: Fri, 27 Dec 2013 01:17:50 +0530
Hello,

1) https://bugzilla.redhat.com/show_bug.cgi?id=1046663
Nokogiri gem for Ruby was found to be affected by a DoS vulnerability, where an error when parsing XML documents can be exploited by an attacker to cause an infinite loop and subsequently exhaust memory and cause a crash via a specially crafted XML document.

2) https://bugzilla.redhat.com/show_bug.cgi?id=1046664
Nokogiri gem for Ruby was found to be affected by a DoS vulnerability, where an error when parsing XML entities can be exploited to exhaust memory and cause a crash via a specially crafted XML document including external entity references.

Can CVEs please be assigned to these issues?

--
Regards,
Ratul Gupta / Red Hat Security Response Team