CVE-2022-44311
html2xhtml v1.3 Out-Of-Bounds Write Vulnerability
Vulnerability Overview
A vulnerability was discovered in html2xhtml v1.3 where an Out-Of-Bounds read exists in the function static void elm_close(tree_node_t *nodo) at procesador.c.
If exploited, this vulnerability could result in the attacker gaining control of the affected system, stealing sensitive information, or causing a Denial of Service (DoS) via a crafted HTML file.
Impact Assessment
This vulnerability has been assigned a CVSSv3 score of 9.8 (Critical) due to its high severity. The impact of the vulnerability can be severe, as it can lead to data theft, system takeover, and possibly the compromise of other systems on the network.
Affected Versions
html2xhtml v1.3
Verifying If You Are Affected
To determine if you are using html2xhtml v1.3 and if your usage of the library exposes you to the vulnerability, follow these steps:
Identify if your application is using html2xhtml v1.3 or a package that depends on it.
Inspect your code to identify any usage of the library that could expose you to the vulnerability.
Review any input sources that could contain specially crafted HTML documents to ensure that they are properly sanitized and do not expose you to the vulnerability.
Reproduction
To reproduce the vulnerability, download a vulnerable version of html2xhtml (v1.3) and compile the project:
wget http://www.it.uc3m.es/jaf/html2xhtml/downloads/html2xhtml-1.3.tar.gz
tar -xzvf html2xhtml-1.3.tar.gz
cd html2xhtml-1.3
./configure
make
cd src
Once the project has been compiled, you can point html2xhtml toward the proof of concept file (CVE-2022-44311_crash):
./html2xhtml -t frameset ./CVE-2022-44311_crash
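When confirming whether a build is affected, a bare segfault tells you little; the following added script (not part of the advisory or the html2xhtml project) repeats the steps above but compiles with AddressSanitizer and runs the proof-of-concept file under a timeout, so an out-of-bounds access in elm_close() is reported with a stack trace pointing into procesador.c. It assumes gcc with ASan support, GNU timeout, and that the crash file path is supplied as the second argument; the classify_run helper and the 10 second limit are choices made here, not values from the advisory.

```shell
#!/bin/sh
# Added example: ASan-instrumented build of html2xhtml 1.3 plus a crash triage
# helper.  Assumes gcc with -fsanitize=address, GNU timeout and wget.

TARBALL_URL="http://www.it.uc3m.es/jaf/html2xhtml/downloads/html2xhtml-1.3.tar.gz"

# Fetch and build html2xhtml 1.3 with ASan inside $1; prints the binary path.
build_with_asan() {
    workdir="$1"
    mkdir -p "$workdir" && cd "$workdir" || return 1
    wget -q "$TARBALL_URL" || return 1
    tar -xzf html2xhtml-1.3.tar.gz || return 1
    cd html2xhtml-1.3 || return 1
    # autoconf honours CFLAGS/LDFLAGS from the environment
    CFLAGS="-g -O1 -fsanitize=address -fno-omit-frame-pointer" \
    LDFLAGS="-fsanitize=address" ./configure >/dev/null || return 1
    make >/dev/null || return 1
    printf '%s\n' "$PWD/src/html2xhtml"
}

# Classify one run from its exit status ($1) and captured stderr text ($2).
# Prints one of: sanitizer | clean | timeout | signal | error
classify_run() {
    status="$1"; log="$2"
    case "$log" in
        *AddressSanitizer*) echo sanitizer; return 0 ;;  # ASan reported the OOB access
    esac
    if [ "$status" -eq 0 ]; then echo clean
    elif [ "$status" -eq 124 ]; then echo timeout    # killed by GNU timeout
    elif [ "$status" -gt 128 ]; then echo signal     # e.g. 139 = SIGSEGV without ASan
    else echo error                                  # ordinary tool error (bad usage, etc.)
    fi
}

# Run the binary against one input with -t frameset, as in the advisory,
# under a 10 second limit, and print the classification.
run_poc() {
    binary="$1"; input="$2"; status=0
    ASAN_OPTIONS="detect_leaks=0" timeout 10 "$binary" -t frameset "$input" \
        >/dev/null 2>asan.log || status=$?
    classify_run "$status" "$(cat asan.log)"
}

# Usage: ./check_html2xhtml.sh <workdir> <crash-file>
if [ "$#" -eq 2 ]; then
    bin=$(build_with_asan "$1") && run_poc "$bin" "$2"
fi
```

A result of "sanitizer" means the instrumented binary detected the out-of-bounds access and asan.log holds the stack trace; "signal" on an uninstrumented build is the same defect seen only as a crash.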
Remediation
If you determine that you are using html2xhtml v1.3 and are exposed to the vulnerability, we recommend that you take the following actions:
Upgrade to a patched version of html2xhtml that addresses the vulnerability.
If a patch is not yet available, apply a workaround such as disabling the affected functionality.
If upgrading or applying a workaround is not feasible, consider switching to an alternative library such as LibSodium.
It is important to take action as soon as possible to ensure the security of your systems and data.
CVSS Metrics
CVSSv3 Score: 8.1 (High)
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVSS Base Metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High
References
GitHub Advisory Database: https://github.com/advisories/GHSA-28fm-qh2h-3mch
CVE Identifier: CVE-2022-44311 (https://github.com/jfisteus/html2xhtml/issues/19)
Reproduction: https://github.com/Halcy0nic/CVE-2022-44311