Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs to the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a String by calling `#to_s` or an equivalent before passing it to the parser.
{ "vanir_signatures": [ { "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267", "deprecated": false, "target": { "file": "ext/java/nokogiri/Html4SaxParserContext.java", "function": "parse_io" }, "signature_version": "v1", "digest": { "length": 311.0, "function_hash": "339774057150225604830925007899139441664" }, "signature_type": "Function", "id": "CVE-2022-29181-08218874" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267", "deprecated": false, "target": { "file": "ext/nokogiri/xml_sax_parser_context.c", "function": "parse_memory" }, "signature_version": "v1", "digest": { "length": 440.0, "function_hash": "156700175685575345307480125041260173150" }, "signature_type": "Function", "id": "CVE-2022-29181-1630bc76" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7", "deprecated": false, "target": { "file": "ext/java/nokogiri/Html4SaxParserContext.java", "function": "parse_io" }, "signature_version": "v1", "digest": { "length": 311.0, "function_hash": "339774057150225604830925007899139441664" }, "signature_type": "Function", "id": "CVE-2022-29181-1e36b4c7" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7", "deprecated": false, "target": { "file": "ext/nokogiri/xml_sax_parser_context.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "32660667544791835419492192119628462419", "107509837605578032575666489903065846394", "82339482050122467544479565850719152695", "35316597750796945202672617103511275162", "64023981287457464679046336078146686527", "70256715334098376590202143321581670244", "307505881030890224483924028945227594477", "153908013770662347021857042754056368166", "69279590166439256109855042886691596332", "275480722593031554525184112037389671349", "201906997703988881664001197585905877796", "285155501316326881376048425303443337705", 
"322197686736064847564962717883962289003" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2022-29181-1f19053f" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267", "deprecated": false, "target": { "file": "ext/java/nokogiri/XmlSaxParserContext.java", "function": "parse_io" }, "signature_version": "v1", "digest": { "length": 251.0, "function_hash": "212191781225457695491386033688224906340" }, "signature_type": "Function", "id": "CVE-2022-29181-22439742" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7", "deprecated": false, "target": { "file": "ext/nokogiri/xml_sax_parser_context.c", "function": "noko_init_xml_sax_parser_context" }, "signature_version": "v1", "digest": { "length": 915.0, "function_hash": "176127679834381012146427679809076348549" }, "signature_type": "Function", "id": "CVE-2022-29181-28f6af2a" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267", "deprecated": false, "target": { "file": "ext/nokogiri/xml_sax_parser_context.c", "function": "noko_init_xml_sax_parser_context" }, "signature_version": "v1", "digest": { "length": 915.0, "function_hash": "176127679834381012146427679809076348549" }, "signature_type": "Function", "id": "CVE-2022-29181-29f6d5f5" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7", "deprecated": false, "target": { "file": "ext/nokogiri/xml_sax_parser_context.c", "function": "parse_io" }, "signature_version": "v1", "digest": { "length": 356.0, "function_hash": "294968138415222748329321953319310436323" }, "signature_type": "Function", "id": "CVE-2022-29181-347206fc" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7", "deprecated": false, "target": { "file": "ext/nokogiri/html4_sax_parser_context.c", "function": "parse_memory" }, 
"signature_version": "v1", "digest": { "length": 715.0, "function_hash": "127238979648815204612396819651147529331" }, "signature_type": "Function", "id": "CVE-2022-29181-3ae0d8a8" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267", "deprecated": false, "target": { "file": "ext/java/nokogiri/XmlSaxParserContext.java" }, "signature_version": "v1", "digest": { "line_hashes": [ "301974088387910415895165297468897494853", "262078244075390359928913097953673686959", "332161118915953394321811625135653679747", "37485012236067294588749722995528365636", "235067727987673492805409627799828865989" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2022-29181-3b25b21e" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7", "deprecated": false, "target": { "file": "ext/java/nokogiri/Html4SaxParserContext.java", "function": "parse_file" }, "signature_version": "v1", "digest": { "length": 297.0, "function_hash": "267902176412199800154903533136942249800" }, "signature_type": "Function", "id": "CVE-2022-29181-4e57f768" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267", "deprecated": false, "target": { "file": "ext/java/nokogiri/internals/ParserContext.java" }, "signature_version": "v1", "digest": { "line_hashes": [ "251130477431979476662424461810691582938", "34541768503110933539975464747105694011", "272126993558759473010658636557092160129", "247119134650593912805485105462029812584", "200848791623806623448935133558450604572", "269585636492925187769830241646393940632", "130546992641210218792316502141335517451" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2022-29181-5058400a" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267", "deprecated": false, "target": { "file": "ext/nokogiri/html4_sax_parser_context.c" }, "signature_version": "v1", "digest": 
{ "line_hashes": [ "228948493316227740900978492420613898378", "297369657864748533146341721710689031079", "100207569160225581353473082597370343087", "69279590166439256109855042886691596332", "275480722593031554525184112037389671349", "201906997703988881664001197585905877796" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2022-29181-56889168" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7", "deprecated": false, "target": { "file": "ext/nokogiri/html4_sax_parser_context.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "228948493316227740900978492420613898378", "297369657864748533146341721710689031079", "100207569160225581353473082597370343087", "69279590166439256109855042886691596332", "275480722593031554525184112037389671349", "201906997703988881664001197585905877796" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2022-29181-5742102c" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7", "deprecated": false, "target": { "file": "ext/java/nokogiri/internals/ParserContext.java", "function": "setIOInputSource" }, "signature_version": "v1", "digest": { "length": 262.0, "function_hash": "205531008590026051851218986025663118423" }, "signature_type": "Function", "id": "CVE-2022-29181-5e3cf5a8" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7", "deprecated": false, "target": { "file": "ext/java/nokogiri/XmlSaxParserContext.java" }, "signature_version": "v1", "digest": { "line_hashes": [ "301974088387910415895165297468897494853", "262078244075390359928913097953673686959", "332161118915953394321811625135653679747", "37485012236067294588749722995528365636", "235067727987673492805409627799828865989" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2022-29181-8565521e" }, { "source": 
"https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7", "deprecated": false, "target": { "file": "ext/java/nokogiri/Html4SaxParserContext.java" }, "signature_version": "v1", "digest": { "line_hashes": [ "331368784099517581934682078160424571708", "102024338053281508170680113564003959162", "339844541191640777103824805018317601737", "201412992390040745034561854691694232729", "331368784099517581934682078160424571708", "102024338053281508170680113564003959162", "33723629034192463124448976271557698700", "279827863847969284732147331499160204438" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2022-29181-91597b4f" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7", "deprecated": false, "target": { "file": "ext/nokogiri/xml_sax_parser_context.c", "function": "parse_memory" }, "signature_version": "v1", "digest": { "length": 440.0, "function_hash": "156700175685575345307480125041260173150" }, "signature_type": "Function", "id": "CVE-2022-29181-a4320415" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267", "deprecated": false, "target": { "file": "ext/nokogiri/xml_sax_parser_context.c", "function": "parse_io" }, "signature_version": "v1", "digest": { "length": 356.0, "function_hash": "294968138415222748329321953319310436323" }, "signature_type": "Function", "id": "CVE-2022-29181-adbe964b" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267", "deprecated": false, "target": { "file": "ext/nokogiri/html4_sax_parser_context.c", "function": "parse_memory" }, "signature_version": "v1", "digest": { "length": 715.0, "function_hash": "127238979648815204612396819651147529331" }, "signature_type": "Function", "id": "CVE-2022-29181-b0040838" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267", "deprecated": false, "target": 
{ "file": "ext/java/nokogiri/Html4SaxParserContext.java" }, "signature_version": "v1", "digest": { "line_hashes": [ "331368784099517581934682078160424571708", "102024338053281508170680113564003959162", "339844541191640777103824805018317601737", "201412992390040745034561854691694232729", "331368784099517581934682078160424571708", "102024338053281508170680113564003959162", "33723629034192463124448976271557698700", "279827863847969284732147331499160204438" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2022-29181-b22c5a79" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7", "deprecated": false, "target": { "file": "ext/java/nokogiri/internals/ParserContext.java" }, "signature_version": "v1", "digest": { "line_hashes": [ "251130477431979476662424461810691582938", "34541768503110933539975464747105694011", "272126993558759473010658636557092160129", "247119134650593912805485105462029812584", "200848791623806623448935133558450604572", "269585636492925187769830241646393940632", "130546992641210218792316502141335517451" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2022-29181-b3184692" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267", "deprecated": false, "target": { "file": "ext/java/nokogiri/Html4SaxParserContext.java", "function": "parse_file" }, "signature_version": "v1", "digest": { "length": 297.0, "function_hash": "267902176412199800154903533136942249800" }, "signature_type": "Function", "id": "CVE-2022-29181-b9900a3e" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267", "deprecated": false, "target": { "file": "ext/java/nokogiri/internals/ParserContext.java", "function": "setIOInputSource" }, "signature_version": "v1", "digest": { "length": 262.0, "function_hash": "205531008590026051851218986025663118423" }, "signature_type": "Function", "id": "CVE-2022-29181-d37b0a02" }, { 
"source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7", "deprecated": false, "target": { "file": "ext/java/nokogiri/XmlSaxParserContext.java", "function": "parse_io" }, "signature_version": "v1", "digest": { "length": 251.0, "function_hash": "212191781225457695491386033688224906340" }, "signature_type": "Function", "id": "CVE-2022-29181-dcda49d2" }, { "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267", "deprecated": false, "target": { "file": "ext/nokogiri/xml_sax_parser_context.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "32660667544791835419492192119628462419", "107509837605578032575666489903065846394", "82339482050122467544479565850719152695", "35316597750796945202672617103511275162", "64023981287457464679046336078146686527", "70256715334098376590202143321581670244", "307505881030890224483924028945227594477", "153908013770662347021857042754056368166", "69279590166439256109855042886691596332", "275480722593031554525184112037389671349", "201906997703988881664001197585905877796", "285155501316326881376048425303443337705", "322197686736064847564962717883962289003" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2022-29181-e7a9b689" } ] }