UBUNTU-CVE-2022-28366

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-28366

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-28366.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-28366

Related

CVE-2022-28366

Published

2022-04-21T23:15:00Z

Modified

2025-04-23T14:59:27Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.

References

Affected packages

Ubuntu:Pro:16.04:LTS / libowasp-antisamy-java

Package

Name: libowasp-antisamy-java
Purl: pkg:deb/ubuntu/libowasp-antisamy-java@1.5.3+dfsg-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.3+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / libowasp-antisamy-java

Package

Name: libowasp-antisamy-java
Purl: pkg:deb/ubuntu/libowasp-antisamy-java@1.5.3+dfsg-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.3+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / libowasp-antisamy-java

Package

Name: libowasp-antisamy-java
Purl: pkg:deb/ubuntu/libowasp-antisamy-java@1.5.3+dfsg-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.3+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / libowasp-antisamy-java

Package

Name: libowasp-antisamy-java
Purl: pkg:deb/ubuntu/libowasp-antisamy-java@1.5.3+dfsg-1.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.3+dfsg-1.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / libowasp-antisamy-java

Package

Name: libowasp-antisamy-java
Purl: pkg:deb/ubuntu/libowasp-antisamy-java@1.7.4-1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.4-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / libowasp-antisamy-java

Package

Name: libowasp-antisamy-java
Purl: pkg:deb/ubuntu/libowasp-antisamy-java@1.7.4-1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.3+dfsg-1.1

1.7.4-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / libowasp-antisamy-java

Package

Name: libowasp-antisamy-java
Purl: pkg:deb/ubuntu/libowasp-antisamy-java@1.7.4-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.4-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}