| description |
|---|
html2xhtml v1.3 Out-Of-Bounds Write Vulnerability |
A vulnerability was discovered in html2xhtml v1.3 where an Out-Of-Bounds read exists in the function static void elm_close(tree_node_t *nodo) at procesador.c.
If exploited, this vulnerability could result in the attacker gaining control of the affected system, stealing sensitive information, or causing a Denial of Service (DoS) via a crafted HTML file.
This vulnerability has been assigned a CVSSv3 score of 9.8 (Critical) due to its high severity. The impact of the vulnerability can be severe, as it can lead to data theft, system takeover, and possibly the compromise of other systems on the network.
html2xhtml v1.3
To determine if you are using html2xhtml v1.3 and if your usage of the library exposes you to the vulnerability, follow these steps:
- Identify if your application is using html2xhtml v1.3 or a package that depends on it.
- Inspect your code to identify any usage of the library that could expose you to the vulnerability.
- Review any input sources that could contain specially crafted HTML documents to ensure that they are properly sanitized and do not expose you to vulnerability.
To reproduce the vulnerability, download a vulnerable version of html2xhtml (v1.3) and compile the project:
wget http://www.it.uc3m.es/jaf/html2xhtml/downloads/html2xhtml-1.3.tar.gz
tar -xzvf html2xhtml-1.3.tar.gz
cd html2xhtml-1.3
./configure
make
cd srcOnce the project has been compiled, you can point html2xhtml toward the proof of concept file (CVE-2022-44311_crash):
./html2xhtml -t frameset ./CVE-2022-44311_crashIf you determine that you are using html2xhtml v1.3 and are exposed to the vulnerability, we recommend that you take the following actions:
- Upgrade to a patched version of html2xhtml that addresses the vulnerability.
- If a patch is not yet available, apply a workaround such as disabling the affected functionality.
- If upgrading or applying a workaround is not feasible, consider switching to an alternative library such as LibSodium.
It is important to take action as soon as possible to ensure the security of your systems and data.
CVSSv3 Score: 8.1 (High) Vector String: VSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
- Attack Vector:
Network - Attack Complexity:
Low - Privileges Required:
None - User Interaction:
Required - Scope:
Unchanged - Confidentiality:
High - Integrity:
None - Availability:
High
- GitHub Advisory Database: https://github.com/advisories/GHSA-28fm-qh2h-3mch
- CVE Identifier: CVE-2022-44311 jfisteus/html2xhtml#19
- https://www.tenable.com/cve/CVE-2022-44311
- Reproduction https://github.com/Halcy0nic/CVE-2022-44311
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44311
- https://www.cve.org/CVERecord?id=CVE-2022-44311