CVE-2022-29546

HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.

Published: Apr 25, 2022
Updated: Dec 8, 2023
CVE: CVE-2022-29546
GHSA: GHSA-6jmm-mp6w-4rrg
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
net.sourceforge.htmlunit / neko-htmlunit	-	2.61.0
htmlunit / htmlunit	-	2.61.0

https://github.com/HtmlUnit/htmlunit-neko/commit/9d2aecd69223469e40c12ca3edddda09009110cc
https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg

Vulnerability Database

289,697

CVE-2022-29546