GHSA-mrxw-mxhj-p664
Use-after-free vulnerability in nokogiri (RubyGems)
What is GHSA-mrxw-mxhj-p664 About?
This vulnerability involves two distinct use-after-free issues (CVE-2025-24855 and CVE-2024-55549) in libxslt, a dependency of Nokogiri. Successful exploitation could lead to denial of service or potentially arbitrary code execution by corrupting memory. The exploitation complexity is high due to the nature of use-after-free conditions.
Affected Software
Technical Details
The vulnerability consists of two use-after-free conditions within libxslt v1.1.43, specifically CVE-2025-24855 (related to xsltEvalXPathStringNs and the XPath context node) and CVE-2024-55549 (related to excluded result prefixes). Both involve memory being freed and then accessed again, leading to unpredictable program behavior such as crashes (denial of service), information disclosure, or, with precise memory manipulation, arbitrary code execution. The attack vector is specially crafted XML/XSLT input processed by libxslt, which triggers the erroneous memory access during XPath evaluation or namespace handling.
What is the Impact of GHSA-mrxw-mxhj-p664?
Successful exploitation may allow attackers to cause a denial of service (application crash), achieve arbitrary code execution, or disclose sensitive information by corrupting memory.
What is the Exploitability of GHSA-mrxw-mxhj-p664?
Exploitation is complex, requiring a deep understanding of memory management and the internal workings of libxslt's XPath processing and namespace handling. There are no authentication or privilege requirements for triggering the vulnerability if the application processes untrusted XML/XSLT input. It is primarily a remote vulnerability if the application directly processes attacker-controlled XML/XSLT. The attacker must craft specific XML or XSLT stylesheets that trigger the use-after-free condition. The vulnerability's impact is rated high, indicating that despite the complexity, successful exploitation could have severe consequences. Risk factors include applications that parse untrusted XML/XSLT documents using affected versions of Nokogiri/libxslt.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for GHSA-mrxw-mxhj-p664?
Available Upgrade Options
- nokogiri
  - <1.18.4 → Upgrade to 1.18.4
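An added example (not from the advisory or the Nokogiri project): a Ruby check that scans a Gemfile.lock for resolved nokogiri entries below the 1.18.4 fix listed above, including platform-suffixed builds. The function name and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version; loaded by default, required here for clarity

# First fixed release, taken from the upgrade guidance on this page.
FIXED_NOKOGIRI = Gem::Version.new("1.18.4")

# Constructed sample lockfile (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.22.0)
        nokogiri (>= 1.12.0)
      nokogiri (1.18.3)
        racc (~> 1.4)
      nokogiri (1.18.3-x86_64-linux-gnu)
        racc (~> 1.4)
      racc (1.8.1)

  DEPENDENCIES
    nokogiri
LOCK

# Returns the resolved nokogiri entries below the fixed release, e.g.
# [{ locked: "1.18.3-x86_64-linux-gnu", version: "1.18.3" }].
def vulnerable_nokogiri_entries(lockfile_text)
  in_specs = false
  hits = []
  lockfile_text.each_line do |line|
    line = line.chomp
    # Section headers (GEM, PLATFORMS, DEPENDENCIES, ...) start in column 0.
    if line =~ /\A\S/
      in_specs = false
      next
    end
    in_specs = true if line =~ /\A {2}specs:\z/
    next unless in_specs
    # Resolved gems sit at exactly four spaces; six-space lines are constraints.
    m = line.match(/\A {4}nokogiri \(([^)]+)\)\z/)
    next unless m
    version = m[1].split("-", 2).first # drop platform suffix such as -x86_64-linux-gnu
    next unless Gem::Version.correct?(version)
    hits << { locked: m[1], version: version } if Gem::Version.new(version) < FIXED_NOKOGIRI
  end
  hits
end

if __FILE__ == $PROGRAM_NAME
  vulnerable_nokogiri_entries(SAMPLE_LOCK).each { |h| puts "nokogiri #{h[:locked]} < #{FIXED_NOKOGIRI}" }
end
```

This only tests the locked gem version against the bound stated above; it does not inspect which libxslt build is loaded at runtime.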
Additional Resources
- https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-mrxw-mxhj-p664
- https://github.com/sparklemotion/nokogiri
- https://nvd.nist.gov/vuln/detail/CVE-2024-55549
- https://gitlab.gnome.org/GNOME/libxslt/-/issues/127
- https://osv.dev/vulnerability/GHSA-mrxw-mxhj-p664
- https://nvd.nist.gov/vuln/detail/CVE-2025-24855
- https://gitlab.gnome.org/GNOME/libxslt/-/issues/128
What are Similar Vulnerabilities to GHSA-mrxw-mxhj-p664?
Similar Vulnerabilities: CVE-2022-29181, CVE-2022-23307, CVE-2022-23305, CVE-2022-23302, CVE-2021-3997
