CVE-2022-29181

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2022-29181
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2022-05-20 19:15:00 UTC
Updated2023-02-16 02:31:00 UTC
DescriptionNokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.

Risk And Classification

Problem Types: CWE-241

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Apple Macos All All All All
Application Nokogiri Nokogiri All All All All

References

ReferenceSourceLinkTags
Nokogiri: Multiple Vulnerabilities (GLSA 202208-29) — Gentoo security GENTOO security.gentoo.org
About the security content of macOS Ventura 13.1 - Apple Support CONFIRM support.apple.com
Release 1.13.6 / 2022-05-08 · sparklemotion/nokogiri · GitHub MISC github.com
GHSL-2022-031_GHSL-2022-032: Type confusion in Nokogiri leads to memory leak or DoS - CVE-2022-29181 | GitHub Security Lab MISC securitylab.github.com
Full Disclosure: APPLE-SA-2022-12-13-4 macOS Ventura 13.1 FULLDISC seclists.org
Improper Handling of Unexpected Data Type in Nokogiri · Advisory · sparklemotion/nokogiri · GitHub CONFIRM github.com
fix: {HTML4,XML}::SAX::{Parser,ParserContext} check arg types · sparklemotion/nokogiri@db05ba9 · GitHub MISC github.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 182209 Debian Security Update for ruby-nokogiri (CVE-2022-29181)
  • 282738 Fedora Security Update for rubygem (FEDORA-2022-0e5d64ce65)
  • 282739 Fedora Security Update for rubygem (FEDORA-2022-e9b2e1c1ac)
  • 282740 Fedora Security Update for rubygem (FEDORA-2022-0071328464)
  • 354254 Amazon Linux Security Advisory for rubygem-nokogiri : ALAS-2022-1648
  • 377838 Apple macOS Ventura 13.1 Not Installed (HT213532)
  • 502364 Alpine Linux Security Update for ruby-nokogiri
  • 710597 Gentoo Linux Nokogiri Multiple Vulnerabilities (GLSA 202208-29)
  • 752809 SUSE Enterprise Linux Security Update for rubygem-nokogiri (SUSE-SU-2022:4015-1)
  • 752810 SUSE Enterprise Linux Security Update for rubygem-nokogiri (SUSE-SU-2022:4016-1)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report