CNNVD-202506-2926 Information
CNNVD ID
CNNVD-202506-2926
Related CVE
- CNNVD Published: 2025-06-22
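Description (Chinese, translated)
Nokogiri is an open source library for parsing HTML and XML in Ruby. Nokogiri 1.18.7 and earlier contain a security vulnerability caused by a heap buffer overflow in the function hashmap_get_with_hash in the file gumbo-parser/src/hashmap.c.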
Description (English)
Nokogiri is an open source library for parsing HTML and XML in Ruby. Nokogiri 1.18.7 and earlier versions contain a security vulnerability that originates from a heap buffer overflow in the function hashmap_get_with_hash in the file gumbo-parser/src/hashmap.c.
Hazard Level
Critical
Vulnerability Type
Other
Affected Vendor
Live Support
Published
2025-06-22
Last Modified
2026-02-24
References
https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a
https://vuldb.com/?submit.601006
https://github.com/sparklemotion/nokogiri/issues/3508
https://vuldb.com/?id.313611
https://github.com/user-attachments/files/19825279/nokogiri_crash_2.txt
https://vuldb.com/?ctiid.313611
https://github.com/sparklemotion/nokogiri/pull/3524
https://access.redhat.com/security/cve/cve-2025-6494
Patch
https://github.com/sparklemotion/nokogiri/releases