CVE-2025-6494
sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow
A vulnerability was found in sparklemotion nokogiri up to 1.18.7. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Es wurde eine Schwachstelle in sparklemotion nokogiri bis 1.18.7 ausgemacht. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion hashmap_get_with_hash der Datei gumbo-parser/src/hashmap.c. Dank Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur öffentlichen Verfügung.
| 2025-06-22: | Advisory disclosed |
| 2025-06-22: | VulDB entry created |
| 2025-06-22: | VulDB entry last update |
JJLeo (VulDB User)
vuldb.com/?id.313611 (VDB-313611 | sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow)
vuldb.com/?ctiid.313611 (VDB-313611 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/?submit.601006 (Submit #601006 | sparklemotion nokogiri nokogiri v1.18.7 (commit a024cff) Heap-based Buffer Overflow)
github.com/sparklemotion/nokogiri/issues/3508
github.com/...ttachments/files/19825279/nokogiri_crash_2.txt
Support options
