CVE-2022-28366

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-28366

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-28366.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-28366

Aliases

GHSA-g9hh-vvx3-v37v

Related

Published

2022-04-21T23:15:10Z

Modified

2025-01-14T10:54:06.233233Z

Downstream

openSUSE-SU-2024:12022-1

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.

References

Affected packages

Debian:11 / libowasp-antisamy-java

Package

Name: libowasp-antisamy-java
Purl: pkg:deb/debian/libowasp-antisamy-java?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.3+dfsg-1.1

1.7.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libowasp-antisamy-java

Package

Name: libowasp-antisamy-java
Purl: pkg:deb/debian/libowasp-antisamy-java?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.3+dfsg-1.1

1.7.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libowasp-antisamy-java

Package

Name: libowasp-antisamy-java
Purl: pkg:deb/debian/libowasp-antisamy-java?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.4-1

Affected versions

1.*

1.5.3+dfsg-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/htmlunit/htmlunit

Affected ranges

Type: GIT
Repo: https://github.com/htmlunit/htmlunit
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7421f043d18741c4e36bf7c0ce8b471122dbf18a

Type: GIT
Repo: https://github.com/nahsra/antisamy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

99b1143bd2219c7645a8d68ca856a51e67f7bbfa

Affected versions

1.*

1.6.3

v1.*

v1.5.10

v1.5.11

v1.5.12

v1.5.13

v1.5.7

v1.5.8

v1.5.9

v1.6.0

v1.6.1

v1.6.2

v1.6.4

v1.6.5