GSD-2022-29181
Vulnerability from gsd - Updated: 2022-05-23 00:00Details
### Summary
Nokogiri `< v1.13.6` does not type-check all inputs into the XML and HTML4 SAX parsers.
For CRuby users, this may allow specially crafted untrusted inputs to cause illegal
memory access errors (segfault) or reads from unrelated memory.
### Severity
The Nokogiri maintainers have evaluated this as **High 8.2** (CVSS3.1).
### Mitigation
CRuby users should upgrade to Nokogiri `>= 1.13.6`.
JRuby users are not affected.
### Workarounds
To avoid this vulnerability in affected applications, ensure the untrusted input is a
`String` by calling `#to_s` or equivalent.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-29181",
"description": "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.",
"id": "GSD-2022-29181",
"references": [
"https://advisories.mageia.org/CVE-2022-29181.html",
"https://www.suse.com/security/cve/CVE-2022-29181.html",
"https://alas.aws.amazon.com/cve/html/CVE-2022-29181.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "nokogiri",
"purl": "pkg:gem/nokogiri"
}
}
],
"aliases": [
"CVE-2022-29181",
"GHSA-xh29-r2w5-wx8m"
],
"details": "### Summary\n\nNokogiri `\u003c v1.13.6` does not type-check all inputs into the XML and HTML4 SAX parsers.\nFor CRuby users, this may allow specially crafted untrusted inputs to cause illegal\nmemory access errors (segfault) or reads from unrelated memory.\n\n### Severity\n\nThe Nokogiri maintainers have evaluated this as **High 8.2** (CVSS3.1).\n\n### Mitigation\n\nCRuby users should upgrade to Nokogiri `\u003e= 1.13.6`.\n\nJRuby users are not affected.\n\n### Workarounds\n\nTo avoid this vulnerability in affected applications, ensure the untrusted input is a\n`String` by calling `#to_s` or equivalent.\n",
"id": "GSD-2022-29181",
"modified": "2022-05-23T00:00:00.000Z",
"published": "2022-05-23T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m"
},
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267"
},
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6"
},
{
"type": "WEB",
"url": "https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 8.2,
"type": "CVSS_V3"
}
],
"summary": "Improper Handling of Unexpected Data Type in Nokogiri"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29181",
"STATE": "PUBLIC",
"TITLE": "Improper Handling of Unexpected Data Type in Nokogiri"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nokogiri",
"version": {
"version_data": [
{
"version_value": "\u003c 1.13.6"
}
]
}
}
]
},
"vendor_name": "sparklemotion"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-241: Improper Handling of Unexpected Data Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m",
"refsource": "CONFIRM",
"url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m"
},
{
"name": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267",
"refsource": "MISC",
"url": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267"
},
{
"name": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6",
"refsource": "MISC",
"url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/",
"refsource": "MISC",
"url": "https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/"
},
{
"name": "GLSA-202208-29",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-29"
},
{
"name": "https://support.apple.com/kb/HT213532",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213532"
},
{
"name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Dec/23"
}
]
},
"source": {
"advisory": "GHSA-xh29-r2w5-wx8m",
"discovery": "UNKNOWN"
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2022-29181",
"cvss_v3": 8.2,
"date": "2022-05-23",
"description": "### Summary\n\nNokogiri `\u003c v1.13.6` does not type-check all inputs into the XML and HTML4 SAX parsers.\nFor CRuby users, this may allow specially crafted untrusted inputs to cause illegal\nmemory access errors (segfault) or reads from unrelated memory.\n\n### Severity\n\nThe Nokogiri maintainers have evaluated this as **High 8.2** (CVSS3.1).\n\n### Mitigation\n\nCRuby users should upgrade to Nokogiri `\u003e= 1.13.6`.\n\nJRuby users are not affected.\n\n### Workarounds\n\nTo avoid this vulnerability in affected applications, ensure the untrusted input is a\n`String` by calling `#to_s` or equivalent.\n",
"gem": "nokogiri",
"ghsa": "xh29-r2w5-wx8m",
"patched_versions": [
"\u003e= 1.13.6"
],
"related": {
"url": [
"https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267",
"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6",
"https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/"
]
},
"title": "Improper Handling of Unexpected Data Type in Nokogiri",
"url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.13.6",
"affected_versions": "All versions before 1.13.6",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-241",
"CWE-937"
],
"date": "2023-02-16",
"description": "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.",
"fixed_versions": [
"1.13.6"
],
"identifier": "CVE-2022-29181",
"identifiers": [
"CVE-2022-29181",
"GHSA-xh29-r2w5-wx8m"
],
"not_impacted": "All versions starting from 1.13.6",
"package_slug": "gem/nokogiri",
"pubdate": "2022-05-20",
"solution": "Upgrade to version 1.13.6 or above.",
"title": "Improper Handling of Unexpected Data Type",
"urls": [
"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m",
"https://nvd.nist.gov/vuln/detail/CVE-2022-29181",
"https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267",
"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6",
"https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/",
"https://github.com/advisories/GHSA-xh29-r2w5-wx8m"
],
"uuid": "2e7e0dd5-574d-4dfd-8f06-b6a8f0d7f629"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndExcluding": "1.13.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.1",
"versionStartIncluding": "13.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29181"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-241"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6",
"refsource": "MISC",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6"
},
{
"name": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m"
},
{
"name": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/"
},
{
"name": "GLSA-202208-29",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-29"
},
{
"name": "https://support.apple.com/kb/HT213532",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213532"
},
{
"name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/23"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
},
"lastModifiedDate": "2023-02-16T02:31Z",
"publishedDate": "2022-05-20T19:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…