Lucene search
SnykCVELIST:CVE-2022-21144HistoryMay 01, 2022 - 3:25 p.m.
CVE-2022-21144 Denial of Service (DoS)
2022-05-0115:25:10
snyk
www.cve.org
3
cve-2022-21144
denial of service
libxmljs
parsexml
v8 code crash
buffer argument
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
EPSS
0.002
Percentile
55.9%
This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument’s toString value is not a Function object V8 will crash.
CNA Affected
[
{
"product": "libxmljs",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
prion
prion
Code injection
2022-05-01 16:15:00
cve
cve
CVE-2022-21144
2022-05-01 16:15:07
veracode
veracode
Denial Of Service (DoS)
2022-05-05 07:42:17
Denial Of Service (DoS)
2022-05-06 14:40:41
osv
osv
Denial of service vulnerability exists in libxmljs
2022-05-03 00:00:46
CVE-2022-21144
2022-05-01 16:15:07
nvd
nvd
CVE-2022-21144
2022-05-01 16:15:07
github
github
Denial of service vulnerability exists in libxmljs
2022-05-03 00:00:46
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
EPSS
0.002
Percentile
55.9%
Related for CVELIST:CVE-2022-21144