漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception
Vulnerability Description
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a non-string, or a string containing a null byte) raises an exception, but only after freeing the document's current encoding string without replacing it. The document is left referencing freed memory, so the next call to Document#encoding reads invalid memory, which can cause a segfault or leak freed bytes into a Ruby String. Affects the CRuby (libxml2) implementation only; JRuby is not affected. This vulnerability is fixed in 1.19.4.
CVSS Information
N/A
Vulnerability Type
释放后使用
Vulnerability Title
Sparkle Motion Nokogiri 资源管理错误漏洞
Vulnerability Description
Sparkle Motion Nokogiri是Sparkle Motion个人开发者的一个HTML、XML和SAX解析库。 Sparkle Motion Nokogiri 1.19.4之前版本存在资源管理错误漏洞,该漏洞源于使用无效编码调用Document#encoding=时释放了文档当前编码字符串但未替换,导致文档引用已释放内存,下次调用Document#encoding会读取无效内存,可能导致段错误或将释放的字节泄露到Ruby字符串中。
CVSS Information
N/A
Vulnerability Type
N/A