RubySec

Providing security resources for the Ruby community

CVE-2017-16229 (ox): ox ruby gem stack overflow in sax_parse

ADVISORIES

GEM

ox

SEVERITY

CVSS v3: 5.5

CVSS v2: 4.3

PATCHED VERSIONS

  • >= 2.8.2

DESCRIPTION

In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse.