CVE-2025-6494 | sparklemotion nokogiri up to 1.18.7 hashmap.c hashmap_get_with_hash heap-based overflow (Issue 3508)

Inserito da Angelo Barbosa | Giu 22, 2025 | CVE

A vulnerability was found in sparklemotion nokogiri up to 1.18.7. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow.

This vulnerability is uniquely identified as CVE-2025-6494. An attack has to be approached locally. Furthermore, there is an exploit available.

CVE-2025-6494 | sparklemotion nokogiri up to 1.18.7 hashmap.c hashmap_get_with_hash heap-based overflow (Issue 3508)

Post correlati

CVE-2024-50062 | Linux Kernel up to 5.15.167/6.1.112/6.6.56/6.11.3 RDMA con_num null pointer dereference

CVE-2024-25452 | Axiomatic Bento4 1.6.0-640 AP4_UrlAtom::AP4_UrlAtom resource consumption

CVE-2023-46454 | GL.iNet GL-AR300M up to 4.3.7 Package Name os command injection

CVE-2024-20261 | Cisco Firepower Threat Defense Software Encrypted Archive File Policy access control (cisco-sa-ftd-archive-bypass-z4wQjwcN)