ByteOS Network

Vulnerability Details :

CVE-2025-6494

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-22 Jun, 2025 | 22:31

Updated At-30 Jun, 2025 | 19:09

sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow

A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulDB

Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5

Published At:22 Jun, 2025 | 22:31

Updated At:30 Jun, 2025 | 19:09

▼CVE Numbering Authority (CNA)

sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow

Affected Products

Vendor

Sparkle Motion

Product

nokogiri

Versions

Affected

c29c920907366cb74af13b4dc2230e9c9e23b833

Problem Types

Type	CWE ID	Description
CWE	CWE-122	Heap-based Buffer Overflow
CWE	CWE-119	Memory Corruption

Type: CWE

CWE ID: CWE-122

Description: Heap-based Buffer Overflow

Type: CWE

CWE ID: CWE-119

Description: Memory Corruption

Metrics

Version	Base score	Base severity	Vector
4.0	4.8	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
3.1	3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3.0	3.3	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2.0	1.7	N/A	AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Version: 4.0

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 3.3

Base severity: LOW

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Version: 3.0

Base score: 3.3

Base severity: LOW

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Version: 2.0

Base score: 1.7

Base severity: N/A

Vector:

AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Credits

reporter

JJLeo (VulDB User)

Timeline

Event	Date
Advisory disclosed	2025-06-22 00:00:00
VulDB entry created	2025-06-22 02:00:00
VulDB entry last update	2025-06-30 21:13:27

Event: Advisory disclosed

Date: 2025-06-22 00:00:00

Event: VulDB entry created

Date: 2025-06-22 02:00:00

Event: VulDB entry last update

Date: 2025-06-30 21:13:27

References

Hyperlink	Resource
https://vuldb.com/?id.313611	vdb-entry technical-description
https://vuldb.com/?ctiid.313611	signature permissions-required
https://vuldb.com/?submit.601006	third-party-advisory
https://github.com/sparklemotion/nokogiri/issues/3508	issue-tracking
https://github.com/sparklemotion/nokogiri/pull/3524	issue-tracking
https://github.com/user-attachments/files/19825279/nokogiri_crash_2.txt	exploit
https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a	patch

Hyperlink: https://vuldb.com/?id.313611

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.313611

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/?submit.601006

Resource:

third-party-advisory

Hyperlink: https://github.com/sparklemotion/nokogiri/issues/3508

Resource:

issue-tracking

Hyperlink: https://github.com/sparklemotion/nokogiri/pull/3524

Resource:

issue-tracking

Hyperlink: https://github.com/user-attachments/files/19825279/nokogiri_crash_2.txt

Resource:

exploit

Hyperlink: https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a

Resource:

patch

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cna@vuldb.com

Published At:22 Jun, 2025 | 23:15

Updated At:30 Jun, 2025 | 20:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	4.8	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Secondary	2.0	1.7	LOW	AV:L/AC:L/Au:S/C:N/I:N/A:P

Type: Secondary

Version: 4.0

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 3.3

Base severity: LOW

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Type: Secondary

Version: 2.0

Base score: 1.7

Base severity: LOW

Vector:

AV:L/AC:L/Au:S/C:N/I:N/A:P

Weaknesses

CWE ID	Type	Source
CWE-119	Secondary	cna@vuldb.com
CWE-122	Secondary	cna@vuldb.com

CWE ID: CWE-119

Type: Secondary

Source: cna@vuldb.com

CWE ID: CWE-122

Type: Secondary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a	cna@vuldb.com	N/A
https://github.com/sparklemotion/nokogiri/issues/3508	cna@vuldb.com	N/A
https://github.com/sparklemotion/nokogiri/pull/3524	cna@vuldb.com	N/A
https://github.com/user-attachments/files/19825279/nokogiri_crash_2.txt	cna@vuldb.com	N/A
https://vuldb.com/?ctiid.313611	cna@vuldb.com	N/A
https://vuldb.com/?id.313611	cna@vuldb.com	N/A
https://vuldb.com/?submit.601006	cna@vuldb.com	N/A

Hyperlink: https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://github.com/sparklemotion/nokogiri/issues/3508

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://github.com/sparklemotion/nokogiri/pull/3524

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://github.com/user-attachments/files/19825279/nokogiri_crash_2.txt

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?ctiid.313611

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?id.313611

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?submit.601006

Source: cna@vuldb.com

Resource: N/A

Similar CVEs

52Records found

CVE-2023-3291

Matching Score-4

Assigner-Protect AI (formerly huntr.dev)

View Details

Matching Score-4

Assigner-Protect AI (formerly huntr.dev)

CVSS Score-5.1||MEDIUM

EPSS-0.07% / 21.44%

7 Day CHG~0.00%

Published-16 Jun, 2023 | 00:00

Updated-17 Dec, 2024 | 20:35

Heap-based Buffer Overflow in gpac/gpac

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.

Vendor-GPAC

Product-gpac gpac/gpac

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-1215

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-2.4||LOW

EPSS-0.11% / 30.36%

7 Day CHG~0.00%

Published-12 Feb, 2025 | 18:31

Updated-21 Mar, 2025 | 18:15

vim main.c memory corruption

A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component.

Vendor-n/a

Product-vim

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2025-6494

Credits

sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs