
CVE-2021-3518: Nokogiri Implements libxml2 version vulnerable to use-after-free

CVSS Score: 8.8 (CVSS v3.1)

Basic Information

EPSS Score: 0.39379%
Published: 5/24/2022
Updated: 7/19/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name: nokogiri
Ecosystem: rubygems
Vulnerable Versions: < 1.11.4
First Patched Version: 1.11.4

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability CVE-2021-3518 is a use-after-free flaw within the libxml2 library, specifically in versions before 2.9.11. Nokogiri, a popular Ruby library for parsing XML and HTML, bundles libxml2 for its core parsing functionality. Affected versions of Nokogiri (< 1.11.4) included a vulnerable version of libxml2.

The patch for this vulnerability in Nokogiri was not a change in Nokogiri's own Ruby or C extension code, but rather an update of the bundled libxml2 library to version 2.9.11. This update occurred in Nokogiri version 1.11.4, with commit c9c89f7598f9a18000b60490309898091f190a77 being a key commit that updated the libxml2 submodule.

Therefore, the 'vulnerable functions' from Nokogiri's perspective are its public API methods that developers use to parse XML/HTML documents or streams. When these Nokogiri methods are invoked with specially crafted input, they pass this input to the underlying libxml2 library. If Nokogiri is using a vulnerable version of libxml2, the use-after-free condition within libxml2 can be triggered.

The identified functions are the primary entry points in the Nokogiri API for initiating parsing operations (DOM, SAX, Reader, Push). These are the functions that would appear in a Ruby application's stack trace when the application processes malicious input that triggers the libxml2 vulnerability. They 'process potentially malicious input' by forwarding it to the vulnerable component.
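The practical consequence of the analysis above is that the only fix is a version bump, so the useful check is a version check. The following is an added example (not Miggo's code and not part of Nokogiri) that applies the advisory's thresholds, libxml2 2.9.11 and Nokogiri 1.11.4, in three places: a pure comparison of a libxml2 version string, a scan of Gemfile.lock text for a vulnerable pinned Nokogiri, and a runtime check of the libxml2 actually loaded into the process. The sample lockfile is constructed for the example. It assumes that Nokogiri::VERSION_INFO, when Nokogiri is loaded, reports the linked libxml2 version under the "libxml" / "loaded" keys; everything else is Ruby standard library.

```ruby
# Added example (not Miggo's or Nokogiri's code): is a given Nokogiri / libxml2
# combination still exposed to CVE-2021-3518? Uses only the Ruby stdlib.
require "rubygems" # Gem::Version

# Thresholds from the advisory: first patched versions.
FIRST_PATCHED_NOKOGIRI = Gem::Version.new("1.11.4")
FIRST_PATCHED_LIBXML2  = Gem::Version.new("2.9.11")

# True when the libxml2 in use is older than 2.9.11 and therefore still
# carries the use-after-free. Prefer this over the gem version whenever the
# loaded libxml2 version is known, because Nokogiri can also be built against
# a system libxml2 instead of the bundled one.
def libxml2_vulnerable?(libxml2_version)
  Gem::Version.new(libxml2_version) < FIRST_PATCHED_LIBXML2
end

# Gem-level check for when only the Nokogiri version is known (lockfile, SBOM).
def nokogiri_vulnerable?(nokogiri_version)
  Gem::Version.new(nokogiri_version) < FIRST_PATCHED_NOKOGIRI
end

# Scan Gemfile.lock text for resolved nokogiri entries ("    nokogiri (1.11.3)"
# or a platform-specific "    nokogiri (1.11.3-x86_64-linux)") and return the
# distinct version strings that are below 1.11.4.
def vulnerable_nokogiri_pins(lockfile_text)
  lockfile_text.each_line.filter_map do |line|
    m = line.match(/\A\s+nokogiri \(([\d.]+)(?:-[\w-]+)?\)\s*\z/)
    next unless m
    m[1] if nokogiri_vulnerable?(m[1])
  end.uniq
end

# Runtime check against the libxml2 actually linked into this process.
# Returns nil when Nokogiri is not loaded or does not report a libxml2 version.
# Assumption: Nokogiri::VERSION_INFO["libxml"]["loaded"] holds that version.
def running_process_vulnerable?
  return nil unless defined?(Nokogiri::VERSION_INFO)
  loaded = Nokogiri::VERSION_INFO.dig("libxml", "loaded")
  return nil if loaded.nil?
  libxml2_vulnerable?(loaded)
end

# Constructed sample lockfile (not from any real project): one vulnerable pin,
# listed twice because of a platform-specific variant.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.5.1)
      nokogiri (1.11.3)
        mini_portile2 (~> 2.5.0)
        racc (~> 1.4)
      nokogiri (1.11.3-x86_64-linux)
        racc (~> 1.4)
      racc (1.5.2)
LOCK

if $PROGRAM_NAME == __FILE__
  puts "vulnerable nokogiri pins: #{vulnerable_nokogiri_pins(SAMPLE_LOCKFILE).inspect}"
  puts "libxml2 2.9.10 vulnerable? #{libxml2_vulnerable?('2.9.10')}"
  puts "libxml2 2.9.11 vulnerable? #{libxml2_vulnerable?('2.9.11')}"
  puts "loaded libxml2 vulnerable? #{running_process_vulnerable?.inspect}"
end
```

Run it against a real lockfile with `vulnerable_nokogiri_pins(File.read("Gemfile.lock"))`; in an application that has already required nokogiri, `running_process_vulnerable?` is the more reliable signal, since it looks at the libxml2 that was actually linked rather than at the gem's version number.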


WAF Protection Rules

WAF Rule

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, inte

T** vuln*r**ility *V*-****-**** is * us*-**t*r-*r** *l*w wit*in t** li*xml* li*r*ry, sp**i*i**lly in v*rsions ***or* *.*.**. Noko*iri, * popul*r Ru*y li*r*ry *or p*rsin* XML *n* *TML, *un*l*s `li*xml*` *or its *or* p*rsin* *un*tion*lity. *****t** v*r