SB2022052554 - Fedora EPEL 9 update for rubygem-nokogiri

Published: May 25, 2022

Security Bulletin ID: SB2022052554
Severity: Medium
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium: 50% (1 vulnerability)
Low: 50% (1 vulnerability)

Description

This security bulletin contains information about 2 security vulnerabilities in the rubygem-nokogiri package.


1) Input validation error (CVE-ID: CVE-2022-29181)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because Nokogiri versions prior to 1.13.6 do not type-check all values passed into the XML and HTML4 SAX parsers. Specially crafted untrusted input reaching the SAX parsers can cause an illegal memory access (segmentation fault) or a read from unrelated memory, crashing the application. Applications that feed attacker-controlled data to Nokogiri's SAX parsing APIs are affected.


2) Inefficient regular expression, ReDoS (CVE-ID: CVE-2022-24836)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because Nokogiri versions prior to 1.13.4 use a regular expression that is susceptible to excessive backtracking when attempting to detect the character encoding of an HTML document. A remote attacker can supply a specially crafted HTML document and cause the parsing process to consume excessive CPU time (regular expression denial of service). Applications that parse attacker-supplied HTML without specifying an explicit encoding are exposed, because the encoding detection step is where the affected expression is evaluated.


Remediation

Install the updated rubygem-nokogiri package from the Fedora EPEL 9 repository (for example with dnf update rubygem-nokogiri) and restart any Ruby services that have the library loaded, since running processes keep the old code until restarted.
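The following POSIX shell script is an added example for checking exposure on an EPEL 9 host; it is not part of the bulletin or of the Fedora packaging. It compares an installed rubygem-nokogiri version against the upstream versions that fix each CVE (1.13.4 for CVE-2022-24836, 1.13.6 for CVE-2022-29181, taken from the Nokogiri advisories), stripping the RPM release suffix first. The `rpm` query format and the `dnf update` command are standard, but the package name rubygem-nokogiri and the assumption that its RPM VERSION field equals the upstream Nokogiri version are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bulletin): report whether a rubygem-nokogiri
# version is still affected by the two CVEs, and optionally apply the update.
#
# Upstream fixed versions from the Nokogiri advisories:
#   CVE-2022-24836 (ReDoS in HTML encoding detection)   fixed in 1.13.4
#   CVE-2022-29181 (missing type checks in SAX parsers)  fixed in 1.13.6
# Assumption: the RPM VERSION of rubygem-nokogiri equals the upstream version.

# version_ge A B -> exit 0 if dotted version A >= B, 1 otherwise.
# Uses GNU sort -V so that 1.13.10 sorts after 1.13.6.
version_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n1)" = "$2" ]
}

# upstream_version NVR -> drop an RPM release suffix such as "-1.el9",
# e.g. "1.13.6-1.el9" -> "1.13.6"; a bare version is returned unchanged.
upstream_version() {
    printf '%s\n' "$1" | sed 's/-[^-]*$//'
}

# cve_status VERSION -> one line per CVE ("fixed" or "VULNERABLE");
# exit 0 only when both CVEs are fixed in that version.
cve_status() {
    v=$(upstream_version "$1")
    rc=0
    if version_ge "$v" 1.13.4; then
        echo "CVE-2022-24836 fixed in $v"
    else
        echo "CVE-2022-24836 VULNERABLE in $v (fixed in 1.13.4)"
        rc=1
    fi
    if version_ge "$v" 1.13.6; then
        echo "CVE-2022-29181 fixed in $v"
    else
        echo "CVE-2022-29181 VULNERABLE in $v (fixed in 1.13.6)"
        rc=1
    fi
    return $rc
}

# Nothing below runs unless an action is requested, so the functions can be
# sourced and exercised offline with constructed version strings.
case "${1:-}" in
    --installed)
        # Query the installed package on an EPEL 9 host and grade it.
        nvr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' rubygem-nokogiri) || exit 1
        cve_status "$nvr"
        ;;
    --update)
        # Apply the vendor update from the EPEL 9 repository.
        sudo dnf update rubygem-nokogiri
        ;;
esac
```

Run `sh check-nokogiri.sh --installed` on the host to grade the installed package; a non-zero exit means at least one CVE is unpatched, which makes the script usable from configuration-management or fleet-audit jobs.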