Intel

AIKIDO-2026-628697

ox is vulnerable to Denial of Service (DoS)

Denial of Service (DoS) Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published 6 days ago

53

Medium Risk

This Affects:

RUBYox
2.0.7 - 2.14.27
Fixed in 2.14.28
Are you affected? Scan for Free

TL;DR

The XML parser in ext/ox/parse.c reads DOCTYPE prolog content through the recursive read_delimited function with no length or depth limit. Parsing an excessively long or deeply nested DOCTYPE drives unbounded recursion until the interpreter reaches a stack-too-deep condition. An attacker who can submit crafted XML to an application that parses it with Ox can exhaust the stack and abort parsing, causing a denial of service. The fix introduces a MAX_PROLOG cap and raises a prolog (doctype) too long error before the stack is exhausted.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application parses untrusted XML input with Ox.

Background info

ox is vulnerable to Denial of Service (DoS) in versions 2.0.7 - 2.14.27.

How to fix this

Upgrade the ox library to the patch version.