Denial of Service (DoS)
CVE-2022-21144

7.5HIGH

Key Information:

Vendor: Libxmljs Project
Status: Libxmljs
Vendor: CVE Published:; 1 May 2022

🔔 Create Libxmljs Project Vulnerability Alert

What is CVE-2022-21144?

This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash.

Affected Version(s)

libxmljs 0

References

https://snyk.io/vuln/SNYK-JS-LIBXMLJS-2348756

x_refsource_MISC

https://github.com/libxmljs/libxmljs/pull/594

x_refsource_MISC

https://github.com/libxmljs/libxmljs/commit/2501807bde9b3...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2022
Vulnerability Reserved
Feb 24, 2022

Credit

Cristian-Alexandru Staicu

Aviad Hahami

.

CVE-2022-21144 : Denial of Service (DoS)