CVE-2022-29181

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-29181
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29181.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-29181
Aliases
Downstream
Related
Published
2022-05-20T19:15:08Z
Modified
2025-09-19T13:53:03.783248Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVSS Calculator
Summary
[none]
Details

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a String by calling #to_s or equivalent.

References

Affected packages

Git / github.com/sparklemotion/nokogiri

Affected ranges

Type
GIT
Repo
https://github.com/sparklemotion/nokogiri
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Fixed

Affected versions

1.*

1.7.0.1-linux-binary1

REL_1.*

REL_1.0.0
REL_1.0.1
REL_1.0.2
REL_1.0.3
REL_1.0.4
REL_1.0.5
REL_1.0.6
REL_1.0.7
REL_1.1.0
REL_1.1.1
REL_1.2.0
REL_1.2.1
REL_1.2.2
REL_1.2.3
REL_1.3.0
REL_1.3.0rc1
REL_1.3.1
REL_1.3.2
REL_1.3.3
REL_1.4.0
REL_1.4.1
REL_1.4.2
REL_1.4.3
REL_1.4.3.1
REL_1.5.0.beta.1
REL_1.5.0.beta.2

v1.*

v1.10.0
v1.10.0.rc1
v1.10.1
v1.10.2
v1.10.3
v1.11.0
v1.11.0.rc1
v1.11.0.rc2
v1.11.0.rc3
v1.11.0.rc4
v1.11.1
v1.11.2
v1.11.3
v1.12.0
v1.12.0.rc1
v1.12.1
v1.12.2
v1.12.3
v1.13.0
v1.13.1
v1.13.2
v1.13.3
v1.13.4
v1.13.5
v1.4.4
v1.4.4.1
v1.4.4.2
v1.5.0
v1.5.0.beta.3
v1.5.0.beta.4
v1.5.1
v1.5.1.rc1
v1.5.2
v1.5.3
v1.5.3.rc1
v1.5.3.rc3
v1.5.3.rc4
v1.5.3.rc5
v1.5.3.rc6
v1.5.4
v1.5.4.rc1
v1.5.4.rc2
v1.5.4.rc3
v1.5.5
v1.5.5.rc1
v1.5.5.rc2
v1.5.5.rc3
v1.5.6
v1.5.6.rc1
v1.5.6.rc2
v1.5.7
v1.5.7.rc1
v1.5.7.rc2
v1.5.7.rc3
v1.5.8
v1.5.9
v1.6.0
v1.6.0.rc1
v1.6.2
v1.6.2.1
v1.6.2.beta.1
v1.6.2.rc1
v1.6.2.rc2
v1.6.2.rc3
v1.6.3
v1.6.3.1
v1.6.3.rc1
v1.6.3.rc2
v1.6.3.rc3
v1.6.4
v1.6.5
v1.6.6
v1.6.6.1
v1.6.6.2
v1.6.7.rc1
v1.6.7.rc2
v1.6.7.rc3
v1.6.7.rc4
v1.6.8
v1.6.8.rc1
v1.6.8.rc2
v1.6.8.rc3
v1.7.0
v1.7.0.1
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.9.0
v1.9.0.rc1
v1.9.1

Database specific

{
    "vanir_signatures": [
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267",
            "deprecated": false,
            "target": {
                "file": "ext/java/nokogiri/Html4SaxParserContext.java",
                "function": "parse_io"
            },
            "signature_version": "v1",
            "digest": {
                "length": 311.0,
                "function_hash": "339774057150225604830925007899139441664"
            },
            "signature_type": "Function",
            "id": "CVE-2022-29181-08218874"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267",
            "deprecated": false,
            "target": {
                "file": "ext/nokogiri/xml_sax_parser_context.c",
                "function": "parse_memory"
            },
            "signature_version": "v1",
            "digest": {
                "length": 440.0,
                "function_hash": "156700175685575345307480125041260173150"
            },
            "signature_type": "Function",
            "id": "CVE-2022-29181-1630bc76"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7",
            "deprecated": false,
            "target": {
                "file": "ext/java/nokogiri/Html4SaxParserContext.java",
                "function": "parse_io"
            },
            "signature_version": "v1",
            "digest": {
                "length": 311.0,
                "function_hash": "339774057150225604830925007899139441664"
            },
            "signature_type": "Function",
            "id": "CVE-2022-29181-1e36b4c7"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7",
            "deprecated": false,
            "target": {
                "file": "ext/nokogiri/xml_sax_parser_context.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "32660667544791835419492192119628462419",
                    "107509837605578032575666489903065846394",
                    "82339482050122467544479565850719152695",
                    "35316597750796945202672617103511275162",
                    "64023981287457464679046336078146686527",
                    "70256715334098376590202143321581670244",
                    "307505881030890224483924028945227594477",
                    "153908013770662347021857042754056368166",
                    "69279590166439256109855042886691596332",
                    "275480722593031554525184112037389671349",
                    "201906997703988881664001197585905877796",
                    "285155501316326881376048425303443337705",
                    "322197686736064847564962717883962289003"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2022-29181-1f19053f"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267",
            "deprecated": false,
            "target": {
                "file": "ext/java/nokogiri/XmlSaxParserContext.java",
                "function": "parse_io"
            },
            "signature_version": "v1",
            "digest": {
                "length": 251.0,
                "function_hash": "212191781225457695491386033688224906340"
            },
            "signature_type": "Function",
            "id": "CVE-2022-29181-22439742"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7",
            "deprecated": false,
            "target": {
                "file": "ext/nokogiri/xml_sax_parser_context.c",
                "function": "noko_init_xml_sax_parser_context"
            },
            "signature_version": "v1",
            "digest": {
                "length": 915.0,
                "function_hash": "176127679834381012146427679809076348549"
            },
            "signature_type": "Function",
            "id": "CVE-2022-29181-28f6af2a"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267",
            "deprecated": false,
            "target": {
                "file": "ext/nokogiri/xml_sax_parser_context.c",
                "function": "noko_init_xml_sax_parser_context"
            },
            "signature_version": "v1",
            "digest": {
                "length": 915.0,
                "function_hash": "176127679834381012146427679809076348549"
            },
            "signature_type": "Function",
            "id": "CVE-2022-29181-29f6d5f5"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7",
            "deprecated": false,
            "target": {
                "file": "ext/nokogiri/xml_sax_parser_context.c",
                "function": "parse_io"
            },
            "signature_version": "v1",
            "digest": {
                "length": 356.0,
                "function_hash": "294968138415222748329321953319310436323"
            },
            "signature_type": "Function",
            "id": "CVE-2022-29181-347206fc"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7",
            "deprecated": false,
            "target": {
                "file": "ext/nokogiri/html4_sax_parser_context.c",
                "function": "parse_memory"
            },
            "signature_version": "v1",
            "digest": {
                "length": 715.0,
                "function_hash": "127238979648815204612396819651147529331"
            },
            "signature_type": "Function",
            "id": "CVE-2022-29181-3ae0d8a8"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267",
            "deprecated": false,
            "target": {
                "file": "ext/java/nokogiri/XmlSaxParserContext.java"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "301974088387910415895165297468897494853",
                    "262078244075390359928913097953673686959",
                    "332161118915953394321811625135653679747",
                    "37485012236067294588749722995528365636",
                    "235067727987673492805409627799828865989"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2022-29181-3b25b21e"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7",
            "deprecated": false,
            "target": {
                "file": "ext/java/nokogiri/Html4SaxParserContext.java",
                "function": "parse_file"
            },
            "signature_version": "v1",
            "digest": {
                "length": 297.0,
                "function_hash": "267902176412199800154903533136942249800"
            },
            "signature_type": "Function",
            "id": "CVE-2022-29181-4e57f768"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267",
            "deprecated": false,
            "target": {
                "file": "ext/java/nokogiri/internals/ParserContext.java"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "251130477431979476662424461810691582938",
                    "34541768503110933539975464747105694011",
                    "272126993558759473010658636557092160129",
                    "247119134650593912805485105462029812584",
                    "200848791623806623448935133558450604572",
                    "269585636492925187769830241646393940632",
                    "130546992641210218792316502141335517451"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2022-29181-5058400a"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267",
            "deprecated": false,
            "target": {
                "file": "ext/nokogiri/html4_sax_parser_context.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "228948493316227740900978492420613898378",
                    "297369657864748533146341721710689031079",
                    "100207569160225581353473082597370343087",
                    "69279590166439256109855042886691596332",
                    "275480722593031554525184112037389671349",
                    "201906997703988881664001197585905877796"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2022-29181-56889168"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7",
            "deprecated": false,
            "target": {
                "file": "ext/nokogiri/html4_sax_parser_context.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "228948493316227740900978492420613898378",
                    "297369657864748533146341721710689031079",
                    "100207569160225581353473082597370343087",
                    "69279590166439256109855042886691596332",
                    "275480722593031554525184112037389671349",
                    "201906997703988881664001197585905877796"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2022-29181-5742102c"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7",
            "deprecated": false,
            "target": {
                "file": "ext/java/nokogiri/internals/ParserContext.java",
                "function": "setIOInputSource"
            },
            "signature_version": "v1",
            "digest": {
                "length": 262.0,
                "function_hash": "205531008590026051851218986025663118423"
            },
            "signature_type": "Function",
            "id": "CVE-2022-29181-5e3cf5a8"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7",
            "deprecated": false,
            "target": {
                "file": "ext/java/nokogiri/XmlSaxParserContext.java"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "301974088387910415895165297468897494853",
                    "262078244075390359928913097953673686959",
                    "332161118915953394321811625135653679747",
                    "37485012236067294588749722995528365636",
                    "235067727987673492805409627799828865989"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2022-29181-8565521e"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7",
            "deprecated": false,
            "target": {
                "file": "ext/java/nokogiri/Html4SaxParserContext.java"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "331368784099517581934682078160424571708",
                    "102024338053281508170680113564003959162",
                    "339844541191640777103824805018317601737",
                    "201412992390040745034561854691694232729",
                    "331368784099517581934682078160424571708",
                    "102024338053281508170680113564003959162",
                    "33723629034192463124448976271557698700",
                    "279827863847969284732147331499160204438"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2022-29181-91597b4f"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7",
            "deprecated": false,
            "target": {
                "file": "ext/nokogiri/xml_sax_parser_context.c",
                "function": "parse_memory"
            },
            "signature_version": "v1",
            "digest": {
                "length": 440.0,
                "function_hash": "156700175685575345307480125041260173150"
            },
            "signature_type": "Function",
            "id": "CVE-2022-29181-a4320415"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267",
            "deprecated": false,
            "target": {
                "file": "ext/nokogiri/xml_sax_parser_context.c",
                "function": "parse_io"
            },
            "signature_version": "v1",
            "digest": {
                "length": 356.0,
                "function_hash": "294968138415222748329321953319310436323"
            },
            "signature_type": "Function",
            "id": "CVE-2022-29181-adbe964b"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267",
            "deprecated": false,
            "target": {
                "file": "ext/nokogiri/html4_sax_parser_context.c",
                "function": "parse_memory"
            },
            "signature_version": "v1",
            "digest": {
                "length": 715.0,
                "function_hash": "127238979648815204612396819651147529331"
            },
            "signature_type": "Function",
            "id": "CVE-2022-29181-b0040838"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267",
            "deprecated": false,
            "target": {
                "file": "ext/java/nokogiri/Html4SaxParserContext.java"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "331368784099517581934682078160424571708",
                    "102024338053281508170680113564003959162",
                    "339844541191640777103824805018317601737",
                    "201412992390040745034561854691694232729",
                    "331368784099517581934682078160424571708",
                    "102024338053281508170680113564003959162",
                    "33723629034192463124448976271557698700",
                    "279827863847969284732147331499160204438"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2022-29181-b22c5a79"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7",
            "deprecated": false,
            "target": {
                "file": "ext/java/nokogiri/internals/ParserContext.java"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "251130477431979476662424461810691582938",
                    "34541768503110933539975464747105694011",
                    "272126993558759473010658636557092160129",
                    "247119134650593912805485105462029812584",
                    "200848791623806623448935133558450604572",
                    "269585636492925187769830241646393940632",
                    "130546992641210218792316502141335517451"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2022-29181-b3184692"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267",
            "deprecated": false,
            "target": {
                "file": "ext/java/nokogiri/Html4SaxParserContext.java",
                "function": "parse_file"
            },
            "signature_version": "v1",
            "digest": {
                "length": 297.0,
                "function_hash": "267902176412199800154903533136942249800"
            },
            "signature_type": "Function",
            "id": "CVE-2022-29181-b9900a3e"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267",
            "deprecated": false,
            "target": {
                "file": "ext/java/nokogiri/internals/ParserContext.java",
                "function": "setIOInputSource"
            },
            "signature_version": "v1",
            "digest": {
                "length": 262.0,
                "function_hash": "205531008590026051851218986025663118423"
            },
            "signature_type": "Function",
            "id": "CVE-2022-29181-d37b0a02"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7",
            "deprecated": false,
            "target": {
                "file": "ext/java/nokogiri/XmlSaxParserContext.java",
                "function": "parse_io"
            },
            "signature_version": "v1",
            "digest": {
                "length": 251.0,
                "function_hash": "212191781225457695491386033688224906340"
            },
            "signature_type": "Function",
            "id": "CVE-2022-29181-dcda49d2"
        },
        {
            "source": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267",
            "deprecated": false,
            "target": {
                "file": "ext/nokogiri/xml_sax_parser_context.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "32660667544791835419492192119628462419",
                    "107509837605578032575666489903065846394",
                    "82339482050122467544479565850719152695",
                    "35316597750796945202672617103511275162",
                    "64023981287457464679046336078146686527",
                    "70256715334098376590202143321581670244",
                    "307505881030890224483924028945227594477",
                    "153908013770662347021857042754056368166",
                    "69279590166439256109855042886691596332",
                    "275480722593031554525184112037389671349",
                    "201906997703988881664001197585905877796",
                    "285155501316326881376048425303443337705",
                    "322197686736064847564962717883962289003"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2022-29181-e7a9b689"
        }
    ]
}