ox 2.0.1

2 security vulnerabilities found in version 2.0.1

ox ruby gem segmentation fault via parse_obj

high severity CVE-2017-15928
high severity CVE-2017-15928
Patched versions: >= 2.8.1

In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but has not confirmed a security implication.

ox ruby gem stack overflow in sax_parse

medium severity CVE-2017-16229
medium severity CVE-2017-16229
Patched versions: >= 2.8.2

In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse.

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leaked issues.

Author did not declare license for this gem in the gemspec.


This gem version has a BSD-3-Clause license in the source code, however it was not declared in the gemspec file.

This gem version is available.


This gem version has not been yanked and is still available for usage.