CVE-2022-29546 — Uncontrolled Resource Consumption in Htmlunit

CWE-400 — Uncontrolled Resource Consumption7 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 51.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Htmlunit

Timeline

PublishedApr 25

Latest updateDec 12

Description

HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDhtmlunit/htmlunit< 2.61.0

🔴Vulnerability Details

GHSA

OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser↗2022-04-26

▶

OSV

OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser↗2022-04-26

▶

CVEList

CVE-2022-29546: HtmlUnit NekoHtml Parser before 2↗2022-04-25

▶

📋Vendor Advisories

Atlassian

CVE-2022-29546: DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Vulnerability in Jira Service Management Data Center and Serve↗2023-12-12

▶

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Centralized Thirdparty Jars (NekoHTML) — CVE-2022-29546↗2023-10-15

▶

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Third Party (NekoHTML) — CVE-2022-29546↗2023-07-15

▶