CVE-2022-29546
Published 2022-04-25
Priority P3 · 36 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 1.15% (62.9th percentile)
HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | jira_service_management | — | — |
| htmlunit | htmlunit | < 2.61.0 | 2.61.0 |
CVSS provenance
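| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_oracle | — | 7.5 | HIGH | — |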
Atlassian
CVE-2022-29546: DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Vulnerability in Jira Service Management Data Center and Serve
vendor_atlassian·2023-12-12·CVSS 7.5
DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Vulnerability in Jira Service Management Data Center and Server
CVE: CVE-2022-29546
Severity: HIGH
Affected products: Jira Service Management
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Centralized Thirdparty Jars (NekoHTML) — CVE-2022-29546
vendor_oracle·2023-10-15·CVSS 7.5
Oracle Oracle Fusion Middleware Risk Matrix: Centralized Thirdparty Jars (NekoHTML) vulnerability
CVE: CVE-2022-29546
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2023 (OCT 2023)
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Third Party (NekoHTML) — CVE-2022-29546
vendor_oracle·2023-07-15·CVSS 7.5
Oracle Oracle Fusion Middleware Risk Matrix: Third Party (NekoHTML) vulnerability
CVE: CVE-2022-29546
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2023 (JUL 2023)
GHSA
OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser
ghsa·2022-04-26
CVE-2022-29546 [HIGH] CWE-400 OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser
### Impact
NekoHtml Parser suffers from a denial of service vulnerability on versions 2.60.0 and below. A specifically crafted input regarding the parsing of processing instructions leads to heap memory consumption. Please update to version 2.61.0.
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [https://github.com/HtmlUnit/htmlunit-neko](https://github.com/HtmlUnit/htmlunit-neko)
* Email us at [rbri at rbri.de]
OSV
OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser
osv·2022-04-26
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-04-25
Published