CVE-2025-6490
sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow
A vulnerability was found in sparklemotion nokogiri up to 1.18.7 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Eine problematische Schwachstelle wurde in sparklemotion nokogiri bis 1.18.7 gefunden. Es geht hierbei um die Funktion hashmap_set_with_hash der Datei gumbo-parser/src/hashmap.c. Mit der Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur öffentlichen Verfügung.
| 2025-06-21: | Advisory disclosed |
| 2025-06-21: | VulDB entry created |
| 2025-06-21: | VulDB entry last update |
JJLeo (VulDB User)
vuldb.com/?id.313601 (VDB-313601 | sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow)
vuldb.com/?ctiid.313601 (VDB-313601 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/?submit.601005 (Submit #601005 | sparklemotion nokogiri nokogiri v1.18.7 (commit a024cff) Heap-based Buffer Overflow)
github.com/sparklemotion/nokogiri/issues/3500
github.com/...-attachments/files/19625432/nokogiri_crash.txt
Support options
