Published: 08/12/2022 Updated: 10/12/2022

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nokogiri nokogiri 1.13.9
nokogiri nokogiri 1.13.8

DescriptionA denial of service flaw was found in rubygem-nokogiri When parsing invalid markup, a NULL pointer exception may occur, which is a potential vector for a denial of service attackA denial of service flaw was found in rubygem-nokogiri When parsing invalid markup, a NULL pointer exception may occur, which is a potential vector for ...

CWE-476 CWE-252 https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50 https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2022-23476

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-23476

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect