CVE-2020-7595:
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation

CVSS Score (v3.1)
7.5

Basic Information

EPSS Score
0.64231%
Published
2/24/2020
Updated
6/9/2023
KEV Status
No
Technology
Ruby

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version
nokogiri | rubygems | < 1.10.8 | 1.10.8

Vulnerability Intelligence
Root Cause Analysis

The vulnerability lives in the xmlStringLenDecodeEntities function in libxml2's parser.c, which Nokogiri ships as a vendored copy. In a particular end-of-file condition the function's decoding loop never terminates, so a crafted document can pin a CPU indefinitely (hence the availability-only CVSS vector). The fix modifies that function so the loop exits on the end-of-file condition, which is why it is the key function for this vulnerability. Nokogiri 1.10.8 applies the patch to its bundled libxml2; note that a Nokogiri build compiled against the system libxml2 (the --use-system-libraries option) does not get the vendored fix, and the system library must be patched separately.
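The following Ruby script is an added example, not code from Miggo or from the Nokogiri project. It shows how a practitioner would turn the affected-range data on this page into an offline check against a Gemfile.lock: it extracts the pinned nokogiri version, evaluates it against the "< 1.10.8" range with RubyGems' own version semantics (so 1.9.1 and 1.10.7 are flagged while 1.10.8 and 1.11.0 are not), and separately flags builds that use the system libxml2, where the vendored patch does not apply. The Gemfile.lock text and the version-info hash are constructed samples; the shape of Nokogiri::VERSION_INFO ("libxml" => {"source" => "packaged" or "system"}) is an assumption about the gem's runtime metadata, and stripping a "-platform" suffix from lock-file versions is an assumed convention.

```ruby
require "rubygems"

# Constructed sample Gemfile.lock fragment (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.4.0)
      nokogiri (1.10.7)
        mini_portile2 (~> 2.4.0)
      rake (13.0.1)
LOCK

# Affected range and first patched version, as stated on this page.
VULNERABLE_RANGE = Gem::Requirement.new("< 1.10.8")
FIRST_PATCHED    = Gem::Version.new("1.10.8")

# Return the pinned version of gem_name from Gemfile.lock text, or nil.
# Only top-level spec lines ("    name (x.y.z)", four-space indent) are matched;
# dependency lines are indented six spaces and are skipped on purpose.
# Assumption: a "-platform" suffix (e.g. 1.10.8-x86_64-linux) is dropped so the
# platform tag is not mistaken for a prerelease marker by Gem::Version.
def locked_version(lock_text, gem_name)
  pattern = /\A {4}#{Regexp.escape(gem_name)} \(([^\s)]+)\)\s*\z/
  lock_text.each_line do |line|
    m = line.match(pattern)
    return Gem::Version.new(m[1].split("-").first) if m
  end
  nil
end

# True when the given nokogiri version falls inside the advisory's range.
def vulnerable?(version)
  VULNERABLE_RANGE.satisfied_by?(Gem::Version.new(version.to_s))
end

# Assess a Gemfile.lock: :not_found, :vulnerable, or :patched plus details.
def assess(lock_text)
  v = locked_version(lock_text, "nokogiri")
  return { status: :not_found } if v.nil?
  {
    status:  vulnerable?(v) ? :vulnerable : :patched,
    version: v.to_s,
    fix:     FIRST_PATCHED.to_s,
  }
end

# The gem's fix lives in its vendored libxml2. If the extension was built
# against the system libxml2, upgrading the gem does not patch the parser;
# the operating system's libxml2 package has to be updated instead.
# Assumed hash shape mirrors Nokogiri::VERSION_INFO (constructed input here).
def needs_system_libxml2_patch?(version_info)
  version_info.dig("libxml", "source") == "system"
end

if __FILE__ == $PROGRAM_NAME
  puts assess(SAMPLE_LOCK).inspect
  sample_info = { "libxml" => { "source" => "system", "loaded" => "2.9.10" } }
  puts "system libxml2 in use; patch it separately" if needs_system_libxml2_patch?(sample_info)
end
```

Point the script at a real lock file with `assess(File.read("Gemfile.lock"))`; in a live process, `Nokogiri::VERSION_INFO` can be passed to `needs_system_libxml2_patch?` in place of the constructed hash.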

WAF Protection Rules

WAF Rule

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. The Nokogiri RubyGem has patched its vendored copy of libxml2 in order to prevent this issue from affecting nokogiri.
