
=====================================================================

                                CERT-Renater

                    Information Note No. 2022/VULN450

_____________________________________________________________________

DATE                : 08/12/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running nokogiri (RubyGems) versions
                                     prior to 1.13.10.

=====================================================================
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
_____________________________________________________________________


Unchecked return value from xmlTextReaderExpand
High - flavorjones published GHSA-qv4q-mr5r-qprj

Package
  nokogiri (RubyGems)

Affected versions
1.13.8, 1.13.9

Patched versions
1.13.10


Description

Summary
Nokogiri 1.13.8 and 1.13.9 fail to check the return value from
xmlTextReaderExpand in the method Nokogiri::XML::Reader#attribute_hash.
This can lead to a null pointer exception when invalid markup is
being parsed.

For applications using XML::Reader to parse untrusted inputs, this
may be a vector for a denial of service attack.


Mitigation
Upgrade to Nokogiri >= 1.13.10.

Users may be able to search their code for calls to either
XML::Reader#attributes or XML::Reader#attribute_hash to
determine if they are affected.
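
The two checks above (pinned version, then call sites) can be scripted.
The following is an added example, not code from the advisory or from the
Nokogiri project. The function names, the sample lockfile and the sample
sources are constructed, and limiting the search to files that name
XML::Reader is an assumption made to cut noise from unrelated #attributes
calls.

```ruby
require "rubygems" # Gem::Version

# Affected releases as listed in the advisory.
AFFECTED = %w[1.13.8 1.13.9].map { |v| Gem::Version.new(v) }.freeze
# Heuristics (assumptions): only files that name XML::Reader are inspected.
READER_REF = /\b(?:Nokogiri::)?XML::Reader\b/
ATTR_CALL  = /\.(?:attributes|attribute_hash)\b/

# nokogiri versions pinned in Gemfile.lock text. Spec lines are indented by
# four spaces; platform suffixes such as "-x86_64-linux" are dropped.
def locked_nokogiri_versions(lock_text)
  lock_text.scan(/^ {4}nokogiri \(([^)]+)\)/).flatten
           .map { |v| v[/\A[0-9A-Za-z.]+/] }.uniq
           .map { |v| Gem::Version.new(v) }
end

def vulnerable_pin?(lock_text)
  locked_nokogiri_versions(lock_text).any? { |v| AFFECTED.include?(v) }
end

# sources: { path => file contents }. Returns "path:line: code" strings for
# non-comment lines calling #attributes or #attribute_hash.
def reader_attribute_calls(sources)
  sources.flat_map do |path, text|
    next [] unless text.match?(READER_REF)
    text.each_line.with_index(1)
        .select { |line, _| line.match?(ATTR_CALL) && !line.lstrip.start_with?("#") }
        .map { |line, n| "#{path}:#{n}: #{line.strip}" }
  end
end

# Constructed sample inputs (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.13.9)
        racc (~> 1.4)
      nokogiri (1.13.9-x86_64-linux)
        racc (~> 1.4)
LOCK
SAMPLE_SOURCES = {
  "app/feed.rb" => "reader = Nokogiri::XML::Reader(io)\nreader.each do |node|\n  attrs = node.attributes\nend\n",
  "app/models/user.rb" => "user.attributes # ActiveRecord model\n",
}.freeze

puts "affected pin: #{vulnerable_pin?(SAMPLE_LOCK)}"
puts reader_attribute_calls(SAMPLE_SOURCES)
```

On a real project, pass the contents of Gemfile.lock and a hash of source
paths to file contents instead of the samples. A Reader object handed to
code in another file is not caught by this heuristic, so an empty result
does not replace the upgrade.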


Severity
The Nokogiri maintainers have evaluated this as High Severity
7.5 (CVSS3.1).


References
CWE - CWE-252: Unchecked Return Value (4.9)
CWE - CWE-476: NULL Pointer Dereference (4.9)


Credit
This vulnerability was responsibly reported by
@davidwilemski.


Severity            : High (7.5 / 10)

CVSS base metrics
  Attack vector       : Network
  Attack complexity   : Low
  Privileges required : None
  User interaction    : None
  Scope               : Unchanged
  Confidentiality     : None
  Integrity           : None
  Availability        : High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE ID              : CVE-2022-23476

Weaknesses          : CWE-252, CWE-476


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================


