Search for vulnerabilities
Vulnerability details: VCID-m3cr-1rh5-yqg5
Vulnerability ID VCID-m3cr-1rh5-yqg5
Aliases CVE-2022-23476
GHSA-qv4q-mr5r-qprj
Summary Unchecked return value from xmlTextReaderExpand ## Summary Nokogiri `1.13.8, 1.13.9` fails to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. ## Mitigation Upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected. ## Severity The Nokogiri maintainers have evaluated this as [High Severity 7.5 (CVSS3.1)](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ## References - [CWE - CWE-252: Unchecked Return Value (4.9)](https://cwe.mitre.org/data/definitions/252.html) - [CWE - CWE-476: NULL Pointer Dereference (4.9)](https://cwe.mitre.org/data/definitions/476.html) ## Credit This vulnerability was responsibly reported by @davidwilemski.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-252 Unchecked Return Value
CWE-476 NULL Pointer Dereference
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23476.json
epss 0.00083 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00083 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00083 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00083 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-23476
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-qv4q-mr5r-qprj
cvssv3.1 7.5 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-23476.yml
generic_textual HIGH https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-23476.yml
cvssv3.1 7.5 https://github.com/sparklemotion/nokogiri
generic_textual HIGH https://github.com/sparklemotion/nokogiri
cvssv3.1 7.5 https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce
generic_textual HIGH https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce
ssvc Track https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce
cvssv3.1 7.5 https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50
generic_textual HIGH https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50
ssvc Track https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50
cvssv3 7.5 https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
cvssv3.1 7.5 https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
cvssv3.1_qr HIGH https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
generic_textual HIGH https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
ssvc Track https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23476
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2022-23476
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23476.json
https://api.first.org/data/v1/epss?cve=CVE-2022-23476
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-23476.yml
https://github.com/sparklemotion/nokogiri
https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce
https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
https://nvd.nist.gov/vuln/detail/CVE-2022-23476
2153279 https://bugzilla.redhat.com/show_bug.cgi?id=2153279
cpe:2.3:a:nokogiri:nokogiri:1.13.8:*:*:*:*:ruby:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri:1.13.8:*:*:*:*:ruby:*:*
cpe:2.3:a:nokogiri:nokogiri:1.13.9:*:*:*:*:ruby:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri:1.13.9:*:*:*:*:ruby:*:*
GHSA-qv4q-mr5r-qprj https://github.com/advisories/GHSA-qv4q-mr5r-qprj
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23476.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-23476.yml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/sparklemotion/nokogiri
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:08Z/ Found at https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:08Z/ Found at https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:08Z/ Found at https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-23476
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.25273
EPSS Score 0.00083
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:04:55.670973+00:00 Ruby Importer Import https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-23476.yml 37.0.0