CVE-2022-23476 - OpenCVE

Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nokogiri	Nokogiri

Configuration 1 [-]

OR	cpe:2.3:a:nokogiri:nokogiri:1.13.8:::::ruby::
	cpe:2.3:a:nokogiri:nokogiri:1.13.9:::::ruby::

No data.

References

Link	Providers
https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce
https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
https://nvd.nist.gov/vuln/detail/CVE-2022-23476
https://www.cve.org/CVERecord?id=CVE-2022-23476

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-12-08T03:03:24.572Z

Updated: 2024-08-03T03:43:46.006Z

Reserved: 2022-01-19T21:23:53.758Z

Link: CVE-2022-23476

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-12-08T04:15:09.043

Modified: 2022-12-10T03:10:55.453

Link: CVE-2022-23476

Redhat

Severity : Moderate

Publid Date: 2022-12-08T00:00:00Z

Links: CVE-2022-23476 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-23476", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", "dateReserved": "2022-01-19T21:23:53.758Z", "datePublished": "2022-12-08T03:03:24.572Z", "dateUpdated": "2024-08-03T03:43:46.006Z"}, "containers": {"cna": {"title": "Unchecked return value from xmlTextReaderExpand in Nokogiri", "problemTypes": [{"descriptions": [{"cweId": "CWE-252", "lang": "en", "description": "CWE-252: Unchecked Return Value", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-476", "lang": "en", "description": "CWE-476: NULL Pointer Dereference", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj"}, {"name": "https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce", "tags": ["x_refsource_MISC"], "url": "https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce"}, {"name": "https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50", "tags": ["x_refsource_MISC"], "url": "https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50"}], "affected": [{"vendor": "sparklemotion", "product": "nokogiri", "versions": [{"version": ">= 1.13.8, < 1.13.10", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-12-08T03:03:24.572Z"}, "descriptions": [{"lang": "en", "value": "Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected."}], "source": {"advisory": "GHSA-qv4q-mr5r-qprj", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:43:46.006Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj"}, {"name": "https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce"}, {"name": "https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nokogiri:nokogiri:1.13.8:*:*:*:*:ruby:*:*", "matchCriteriaId": "5B720209-2ADC-4B12-8BEE-D5F827279B06", "vulnerable": true}, {"criteria": "cpe:2.3:a:nokogiri:nokogiri:1.13.9:*:*:*:*:ruby:*:*", "matchCriteriaId": "AA8BBC8F-F780-4359-81CA-EBB3A5767FB5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected."}, {"lang": "es", "value": "Nokogiri es una librer\u00eda XML y HTML de c\u00f3digo abierto para el lenguaje de programaci\u00f3n Ruby. Nokogiri `1.13.8` y `1.13.9` no pueden verificar el valor de retorno de `xmlTextReaderExpand` en el m\u00e9todo `Nokogiri::XML::Reader#attribute_hash`. Esto puede provocar una excepci\u00f3n de puntero null cuando se analiza un marcado no v\u00e1lido. Para las aplicaciones que utilizan `XML::Reader` para analizar entradas que no son de confianza, esto puede ser potencialmente un vector para un ataque de Denegaci\u00f3n de Servicio (DoS). Se recomienda a los usuarios actualizar a Nokogiri `>= 1.13.10`. Los usuarios pueden buscar en su c\u00f3digo llamadas a `XML::Reader#attributes` o `XML::Reader#attribute_hash` para determinar si est\u00e1n afectados."}], "id": "CVE-2022-23476", "lastModified": "2022-12-10T03:10:55.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-12-08T04:15:09.043", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-252"}, {"lang": "en", "value": "CWE-476"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "rubygem-nokogiri: Denial of service", "id": "2153279", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153279"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "(CWE-252|CWE-476)", "details": ["Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.", "A denial of service flaw was found in rubygem-nokogiri. When parsing invalid markup, a NULL pointer exception may occur, which is a potential vector for a denial of service attack."], "name": "CVE-2022-23476", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Not affected", "package_name": "rubygem-nokogiri", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Not affected", "package_name": "3scale-amp-backend-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Not affected", "package_name": "3scale-amp-zync-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Not affected", "package_name": "3scale-toolbox-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "satellite-capsule:el8/rubygem-nokogiri", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "satellite:el8/rubygem-amazing_print", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "satellite:el8/rubygem-nokogiri", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "satellite-utils:el8/rubygem-amazing_print", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "tfm-ror51-rubygem-nokogiri", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "tfm-ror52-rubygem-nokogiri", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "tfm-rubygem-amazing_print", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "tfm-rubygem-nokogiri", "product_name": "Red Hat Satellite 6"}], "public_date": "2022-12-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-23476\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23476\nhttps://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj"], "threat_severity": "Moderate", "upstream_fix": "rubygem-nokogiri 1.13.10"}