CNNVD-202506-2920 Information
CNNVD ID
CNNVD-202506-2920
Related CVE
- CNNVD Published: 2025-06-22
Description (Chinese)
Sparkle Motion Nokogiri是Sparkle Motion开源的一个处理xml和html文件的软件。 Sparkle Motion Nokogiri 1.18.7及之前版本存在安全漏洞,该漏洞源于文件gumbo-parser/src/hashmap.c中函数hashmap_set_with_hash存在堆缓冲区溢出。
Description (English)
Sparkle Motion Nokogiri is a software for processing xml and html files from Sparkle Motion Open. Sparkle Motion Nokogiri 1.18.7 and previous versions contain a security loophole that originates from the flood of buffer zones in the document gumbo-parser/src/hashmap.c. Hashmap set west hash.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
Sparkle Motion
Published
2025-06-22
Last Modified
2026-02-24
References
https://github.com/sparklemotion/nokogiri/issues/3500 https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a https://vuldb.com/?submit.601005 https://vuldb.com/?id.313601 https://github.com/user-attachments/files/19625432/nokogiri_crash.txt https://github.com/sparklemotion/nokogiri/pull/3524 https://vuldb.com/?ctiid.313601 https://access.redhat.com/security/cve/cve-2025-6490
Patch
https://github.com/sparklemotion/nokogiri/releases
Share on: