CVE-2022-23476

Unchecked return value from xmlTextReaderExpand in Nokogiri

CVSS 7.5 HIGH · EPSS 1.7% · CWE-252 · CWE-476
In short

Nokogiri fails to properly check if a function succeeds when parsing XML, which can cause the program to crash when processing malformed XML. This is a vulnerability if your application parses untrusted XML data.

Technical detail

CVE-2022-23476 involves improper error handling in Nokogiri's XML::Reader#attribute_hash method, where the return value of xmlTextReaderExpand is not validated, leading to null pointer dereference on malformed markup. The attack vector is via untrusted XML input, with no authentication required; the impact is denial of service through application crash.

Summary generated and translated by AI from the official description.
Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
sparklemotion · nokogiri
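
The two checks the description suggests, the locked Nokogiri version and a search for `XML::Reader#attributes` / `XML::Reader#attribute_hash` call sites, combined in one triage helper. This is an added example, not code from the advisory or the Nokogiri project; the function names, status symbols and sample inputs are constructed for illustration, and the call-site scan is a line-based heuristic.

```ruby
# Added example (not Nokogiri project code): triage for CVE-2022-23476.
require "rubygems" # Gem::Version

AFFECTED = %w[1.13.8 1.13.9].map { |v| Gem::Version.new(v) }.freeze # per the advisory
FIXED    = Gem::Version.new("1.13.10")                              # per the advisory
CALL     = /\.(?:attributes|attribute_hash)\b/ # also matches &.attributes

# Resolved nokogiri version from Gemfile.lock text (specs are indented 4 spaces).
# Platform gems look like "nokogiri (1.13.9-x86_64-linux)"; the suffix is ignored.
def locked_nokogiri_version(lock_text)
  m = lock_text.match(/^ {4}nokogiri \((\d+(?:\.\d+)*)[^)]*\)$/)
  m && Gem::Version.new(m[1])
end

# Heuristic: only files that mention XML::Reader are scanned, because
# #attributes also exists on unrelated classes. Returns [[line_no, text], ...].
def reader_attribute_calls(src)
  return [] unless src.include?("XML::Reader")
  src.each_line.with_index(1).filter_map do |line, no|
    next if line.lstrip.start_with?("#") # skip comment-only lines
    [no, line.strip] if line.match?(CALL)
  end
end

# sources: { "path" => file contents }
def triage(lock_text, sources)
  version = locked_nokogiri_version(lock_text)
  hits = sources.transform_values { |s| reader_attribute_calls(s) }
                .reject { |_, calls| calls.empty? }
  status =
    if version.nil?                   then :nokogiri_not_locked
    elsif version >= FIXED            then :at_or_above_fixed_version
    elsif !AFFECTED.include?(version) then :version_not_listed_as_affected
    elsif hits.empty?                 then :affected_version_no_call_sites_found
    else :affected_version_with_call_sites
    end
  { version: version&.to_s, status: status, call_sites: hits }
end

# Constructed sample inputs.
SAMPLE_LOCK = "GEM\n  remote: https://rubygems.org/\n  specs:\n" \
              "    nokogiri (1.13.9-x86_64-linux)\n      racc (~> 1.4)\n    racc (1.6.0)\n"
SAMPLE_SRC = "reader = Nokogiri::XML::Reader(untrusted_io)\n" \
             "# reader.attributes is documented here\n" \
             "reader.each { |node| index(node.name, node.attributes) }\n"

p triage(SAMPLE_LOCK, { "app/feed.rb" => SAMPLE_SRC }) if $PROGRAM_NAME == __FILE__
```

A result of `:affected_version_no_call_sites_found` only means the heuristic saw no direct call in the scanned files; upgrading to the fixed version remains the advisory's recommendation.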
