CVE-2017-16229

Name of the Vulnerable Software and Affected Versions: Ox gem version 2.8.1

Description: The issue is related to a stack-based buffer over-read in the read from str function in sax buf.c when a crafted input is supplied to sax parse. This can cause the process to crash.

Recommendations: For Ox gem version 2.8.1, consider avoiding the use of the sax parse function with crafted inputs until a patch is available. As a temporary workaround, restrict the input supplied to sax parse to prevent potential crashes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.