CVE-2022-29181
Published: 20 May 2022
Summary
CVE-2022-29181 is a high-severity Improper Handling of Unexpected Data Type (CWE-241) vulnerability in Nokogiri. Its CVSS base score is 8.2 (High).
Operationally, it ranks in the top 11.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
Nokogiri is an open source XML and HTML library for Ruby. Versions prior to 1.13.6 fail to perform type checks on all inputs supplied to the XML and HTML4 SAX parsers, allowing specially crafted untrusted data to trigger illegal memory accesses that produce segmentation faults or reads from unrelated memory regions. The issue is tracked under CWE-241 and CWE-843 and carries a CVSS 3.1 score of 8.2.
An unauthenticated remote attacker can supply malicious input directly to an affected parser and thereby induce a denial-of-service condition or limited information disclosure. No user interaction or elevated privileges are required.
The project’s security advisory and release notes for version 1.13.6 state that the vulnerability is resolved by the commits included in that release. As a temporary mitigation, callers can coerce untrusted input to a Ruby String via #to_s before passing it to the parsers.
EPSS scores for the CVE reached a peak of 0.0576 before receding to the current value of 0.0418; no public reports of in-the-wild exploitation have been noted in the referenced materials.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-5789
Vulnerability details
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.
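The workaround described in the analysis and in the vulnerability details above, enforced in code. This is an added example, not code from the advisory or from the Nokogiri project; the `SafeSaxParser` wrapper, `coerce_untrusted_input`, and the stand-in `RecordingParser` are constructed for this demo so it runs without the gem installed, and with nokogiri present the same guard wraps `Nokogiri::XML::SAX::Parser` unchanged.

```ruby
require 'stringio'
begin
  require 'nokogiri'
rescue LoadError
  # gem not installed; the stub parser below keeps the demo runnable offline
end

# Returns a String the SAX parser can safely consume, mirroring the advisory's
# "#to_s or equivalent" workaround. IO-like objects are read in full so the
# parser never sees a foreign type; nil is rejected rather than silently
# becoming "" because an absent document is almost always a caller bug.
def coerce_untrusted_input(input)
  raise ArgumentError, 'document must not be nil' if input.nil?
  return input if input.is_a?(String)
  return input.read if input.respond_to?(:read) # File, StringIO, sockets
  input.to_s                                    # Symbols, numbers, custom objects
end

# Wraps any parser exposing #parse(string); with nokogiri loaded, pass
# Nokogiri::XML::SAX::Parser.new(handler) here (assumed usage, not shown).
class SafeSaxParser
  def initialize(parser)
    @parser = parser
  end

  def parse(untrusted)
    @parser.parse(coerce_untrusted_input(untrusted))
  end
end

# Minimal stand-in parser (constructed for this example) that records the
# object it actually received and returns the element names it saw.
class RecordingParser
  attr_reader :received

  def parse(doc)
    @received = doc
    doc.scan(/<(\w+)/).flatten
  end
end

if __FILE__ == $PROGRAM_NAME
  safe = SafeSaxParser.new(RecordingParser.new)
  p safe.parse('<root><a/></root>')         # ["root", "a"]
  p safe.parse(StringIO.new('<x><y/></x>')) # ["x", "y"]
  p safe.parse(:'<sym/>')                   # ["sym"]
end
```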
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.