Bug 2302268 (CVE-2024-41123) - CVE-2024-41123 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]>
Summary: CVE-2024-41123 rexml: rubygem-rexml: DoS when parsing an XML having many spec...
Keywords:
Status: NEW
Alias: CVE-2024-41123
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2302829 2302835 2302779 2302780 2302781 2302782 2302783 2302784 2302785 2302786 2302787 2302788 2302789 2302790 2302791 2302792 2302793 2302794 2302795 2302796 2302797 2302798 2302799 2302800 2302801 2302802 2302803 2302804 2302805 2302806 2302807 2302808 2302809 2302810 2302811 2302812 2302813 2302814 2302815 2302816 2302817 2302818 2302819 2302820 2302821 2302822 2302823 2302824 2302825 2302826 2302827 2302828 2302830 2302831 2302832 2302833 2302834
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-08-01 15:30 UTC by OSIDB Bzimport
Modified: 2024-09-18 19:08 UTC (History)
34 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:6670 0 None None None 2024-09-16 01:28:40 UTC
Red Hat Product Errata RHSA-2024:6702 0 None None None 2024-09-16 18:05:20 UTC
Red Hat Product Errata RHSA-2024:6703 0 None None None 2024-09-16 18:06:07 UTC
Red Hat Product Errata RHSA-2024:6784 0 None None None 2024-09-18 18:54:27 UTC
Red Hat Product Errata RHSA-2024:6785 0 None None None 2024-09-18 19:08:36 UTC

Description OSIDB Bzimport 2024-08-01 15:30:53 UTC
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.

Comment 3 errata-xmlrpc 2024-09-16 01:28:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:6670 https://access.redhat.com/errata/RHSA-2024:6670

Comment 4 errata-xmlrpc 2024-09-16 18:05:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:6702 https://access.redhat.com/errata/RHSA-2024:6702

Comment 5 errata-xmlrpc 2024-09-16 18:06:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:6703 https://access.redhat.com/errata/RHSA-2024:6703

Comment 6 errata-xmlrpc 2024-09-18 18:54:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:6784 https://access.redhat.com/errata/RHSA-2024:6784

Comment 7 errata-xmlrpc 2024-09-18 19:08:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6785 https://access.redhat.com/errata/RHSA-2024:6785


Note You need to log in before you can comment on or make changes to this bug.