Bug 2153279 (CVE-2022-23476) - CVE-2022-23476 rubygem-nokogiri: Denial of service
Summary: CVE-2022-23476 rubygem-nokogiri: Denial of service
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-23476
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2152067 2153280
Blocks: 2151925
TreeView+ depends on / blocked
 
Reported: 2022-12-14 12:32 UTC by ybuenos
Modified: 2022-12-15 16:18 UTC (History)
26 users (show)

Fixed In Version: rubygem-nokogiri 1.13.10
Doc Type: ---
Doc Text:
A denial of service flaw was found in rubygem-nokogiri. When parsing invalid markup, a NULL pointer exception may occur, which is a potential vector for a denial of service attack.
Clone Of:
Environment:
Last Closed: 2022-12-15 16:18:06 UTC
Embargoed:

Attachments (Terms of Use)

Description ybuenos 2022-12-14 12:32:50 UTC 
Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.
Comment 1 ybuenos 2022-12-14 12:33:05 UTC 
Created rubygem-nokogiri tracking bugs for this issue:

Affects: fedora-all [bug 2153280]
Comment 2 Product Security DevOps Team 2022-12-15 16:18:03 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-23476
Note You need to log in before you can comment on or make changes to this bug.