Platform: ruby
Component: nokogiri
Fixed in: 1.7.1
CVE-2016-4658 is a critical use-after-free vulnerability affecting Nokogiri versions up to 1.7.0.1. This flaw, originating in libxml2, allows attackers to potentially execute arbitrary code or cause a denial of service by crafting malicious XML documents. The vulnerability was published in 2018 and a fix is available in Nokogiri 1.7.1.
The core of this vulnerability lies in how Nokogiri, which relies on libxml2 for XML parsing, handles XPointer ranges. libxml2, prior to version 2.9.5, fails to prevent namespace nodes within these ranges, creating a scenario where an attacker can manipulate the XML structure to trigger a use-after-free condition. This can lead to arbitrary code execution, granting an attacker complete control over the affected system. Alternatively, the memory corruption caused by the vulnerability can result in a denial of service, crashing the application or the entire system. The impact is particularly severe because Nokogiri is widely used in Ruby applications for parsing and manipulating XML data, making a broad range of systems potentially vulnerable.
CVE-2016-4658 gained significant attention due to its critical severity and potential for remote code execution. While no active exploitation campaigns have been publicly confirmed, the vulnerability's presence in a widely used library like Nokogiri makes it a high-priority target. It was added to the CISA KEV catalog, indicating a potential for exploitation. A public proof-of-concept was released, demonstrating the feasibility of exploiting the vulnerability.
Ruby applications that rely on Nokogiri for XML parsing are at risk, particularly those processing untrusted XML data from external sources. Applications using older versions of Nokogiri in production environments, especially those with limited update cycles, are particularly vulnerable. Shared hosting environments where users have the ability to upload or process XML files are also at increased risk.
• ruby / gem: Check the installed Nokogiri version with gem list nokogiri. If the version is lower than 1.7.1, the system is vulnerable.
• ruby / gem: Inspect application logs for errors related to XML parsing or libxml2.
• generic web: Monitor web server access logs for unusual XML requests, particularly those utilizing XPointer syntax.
• generic web: Use a web application firewall (WAF) to block requests containing potentially malicious XML payloads.
Timeline: discovery, disclosure, PoC, patch, KEV
Exploit Status
EPSS
18.10% (95th percentile)
CVSS Vector
The primary mitigation for CVE-2016-4658 is to upgrade Nokogiri to version 1.7.1 or later. This version incorporates the fix from libxml2 2.9.5, which properly handles namespace nodes in XPointer ranges. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing input validation to sanitize XML documents before parsing. Specifically, restrict the use of XPointer ranges and carefully validate the structure of XML documents. While not a complete solution, this can reduce the attack surface. There are no specific WAF rules or detection signatures readily available for this vulnerability, emphasizing the importance of patching.
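As an added example (not code from this page or from the Nokogiri project), the following Ruby script combines the version check from the detection list with the 1.7.1 / libxml2 2.9.5 thresholds named in the mitigation, and adds the access-log triage for XPointer syntax; the gem-list output and log lines are constructed samples, and the libxml2 check assumes you pass the string Nokogiri exposes as Nokogiri::VERSION_INFO["libxml"]["loaded"].

```ruby
require 'rubygems' # Gem::Version compares multi-segment versions correctly

# Fixed releases named on the page.
FIXED_NOKOGIRI = Gem::Version.new('1.7.1')
FIXED_LIBXML2  = Gem::Version.new('2.9.5')

# Parse `gem list nokogiri` output such as
#   "nokogiri (1.7.0.1 x86_64-linux, 1.6.8)"
# into the installed version strings, dropping platform suffixes.
def installed_nokogiri_versions(gem_list_output)
  gem_list_output.each_line.flat_map do |line|
    m = line.strip.match(/\Anokogiri \((.+)\)\z/)
    m ? m[1].split(',').map { |v| v.strip.split(' ').first } : []
  end
end

# Anything older than 1.7.1 ships the affected libxml2.
def vulnerable_nokogiri?(version)
  Gem::Version.new(version) < FIXED_NOKOGIRI
end

# When the gem is built against a system libxml2, the loaded library
# version (Nokogiri::VERSION_INFO["libxml"]["loaded"]) decides; pass it here.
def vulnerable_libxml2?(loaded_version)
  Gem::Version.new(loaded_version) < FIXED_LIBXML2
end

# Detection: flag access-log request lines carrying XPointer range syntax,
# plain or URL-encoded. Only the request line is inspected, so XML sent in
# a POST body is not visible to this check.
XPOINTER_HINT = /xpointer(?:\(|%28)|range-to(?:\(|%28)/i
def flag_xpointer_requests(log_lines)
  log_lines.select { |line| line =~ XPOINTER_HINT }
end

# Constructed sample data (not real hosts, requests or gem output).
SAMPLE_GEM_LIST = "\n*** LOCAL GEMS ***\n\nnokogiri (1.7.0.1 x86_64-linux, 1.6.8)\n"
SAMPLE_LOG = [
  '10.0.0.5 - - [01/Jan/2018:10:00:00 +0000] "GET /feed.xml HTTP/1.1" 200 512',
  '10.0.0.6 - - [01/Jan/2018:10:00:01 +0000] "GET /fetch?href=doc.xml%23xpointer(range-to(//ns:a)) HTTP/1.1" 200 77',
]

if __FILE__ == $PROGRAM_NAME
  installed_nokogiri_versions(SAMPLE_GEM_LIST).each do |v|
    puts "nokogiri #{v}: #{vulnerable_nokogiri?(v) ? 'VULNERABLE (< 1.7.1)' : 'ok'}"
  end
  puts "suspicious requests: #{flag_xpointer_requests(SAMPLE_LOG).size}"
end
```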
No official patch available. Look for alternatives or watch for updates.
CVE-2016-4658 is a critical vulnerability in Nokogiri versions up to 1.7.0.1 that allows for arbitrary code execution or denial of service through crafted XML documents due to a use-after-free condition in libxml2.
If you are using Nokogiri version 1.7.0.1 or earlier, you are vulnerable. Check your version with gem list nokogiri.
Upgrade Nokogiri to version 1.7.1 or later. This resolves the underlying libxml2 issue.
While no active campaigns are confirmed, the vulnerability's severity and widespread use of Nokogiri make it a potential target. It has been added to the CISA KEV catalog.
Refer to the Nokogiri project's release notes and security advisories on their GitHub repository: https://github.com/nokogiri/nokogiri/releases