Bug 2492946 (CVE-2026-57437)
| Summary: | CVE-2026-57437 nokogiri: Nokogiri: Denial of Service due to improper XPathContext garbage collection | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | akostadi, amasferr, anthomas, crizzo, dmayorov, ehelms, eshamard, ggainey, jlledo, jpasqual, juwatts, jvasik, kaycoth, mhulan, nmoumoul, osousa, pantinor, pcreech, rblanco, rchan, rhel-process-autobot, smallamp, tmalecek, tsedmik, watson-tool-maintainers |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Nokogiri, an XML and HTML library for Ruby. This vulnerability occurs when an application directly constructs an XPathContext and allows its associated document to be garbage collected while the context is still in use. An attacker could potentially exploit this by causing the application to read invalid memory, leading to a denial of service (DoS) through a segmentation fault.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2497301, 2497300 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-06-25 15:02:33 UTC
|