PT-2022-4890 · Nokogiri+6

Oooooooo_Q

Published 2022-04-10 · Updated 2026-03-13 · CVE-2022-24836

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Nokogiri versions prior to 1.13.4

Description: The issue is related to an inefficient regular expression in the Nokogiri library, which can lead to excessive backtracking when detecting encoding in HTML documents. This can be exploited by a remote attacker to cause a denial of service. There are no known workarounds for this issue.

Recommendations: Upgrade to Nokogiri version 1.13.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable regular expression function until a patch is available.
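
The upgrade recommendation above, expressed as a lockfile check (an added example, not part of the original advisory or of the Nokogiri project): it reads the resolved nokogiri entries from Gemfile.lock text, including platform-specific builds, and flags any below 1.13.4. The sample lockfile and the function names are constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version (normally already loaded)

# First fixed release according to this advisory.
FIXED_VERSION = Gem::Version.new("1.13.4")

# Constructed sample Gemfile.lock content, not taken from a real project.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.13.3)
        racc (~> 1.4)
      nokogiri (1.13.3-x86_64-linux)
        racc (~> 1.4)
      racc (1.6.0)

  DEPENDENCIES
    nokogiri (>= 1.10)
LOCK

# Returns [version, platform_or_nil, vulnerable?] for every resolved nokogiri spec.
# Resolved specs are indented four spaces; dependency constraints such as
# "nokogiri (>= 1.10)" sit at other indents and contain spaces, so they are skipped.
def locked_nokogiri(lockfile_text)
  lockfile_text.each_line.map do |line|
    m = line.match(/\A {4}nokogiri \(([^)\s]+)\)\s*\z/)
    next unless m
    # Precompiled gems are locked as "<version>-<platform>".
    version, platform = m[1].split("-", 2)
    next unless Gem::Version.correct?(version)
    [version, platform, Gem::Version.new(version) < FIXED_VERSION]
  end.compact
end

# True when any resolved nokogiri build is older than the fixed release.
def vulnerable_nokogiri?(lockfile_text)
  locked_nokogiri(lockfile_text).any? { |_version, _platform, vuln| vuln }
end

# One human-readable line per resolved nokogiri build.
def report(lockfile_text)
  locked_nokogiri(lockfile_text).map do |version, platform, vuln|
    status = vuln ? "VULNERABLE (< #{FIXED_VERSION})" : "ok"
    "nokogiri #{version} (#{platform || 'ruby'}): #{status}"
  end
end

puts report(SAMPLE_LOCKFILE) if __FILE__ == $PROGRAM_NAME
```

To check a real project, pass `File.read("Gemfile.lock")` to `report` or `vulnerable_nokogiri?`.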

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2022-2027
ALT-PU-2023-4266
ALT-PU-2024-7812
BDU:2022-06047
CVE-2022-24836
DLA-3003-1
DLA-3149-1
DLA-3868-1
GHSA-CRJR-9RC5-GHW8
MGASA-2022-0164
OESA-2022-1644
OPENSUSE-SU-2022_4015-1
OPENSUSE-SU-2022_4016-1
OPENSUSE-SU-2024:11999-1
OPENSUSE-SU-2024:13165-1
OPENSUSE-SU-2024:14174-1
OPENSUSE-SU-2025:14697-1
OPENSUSE-SU-2026:10356-1
RHSA-2022:8506
RLSA-2022:8506
SUSE-SU-2022:3890-1
SUSE-SU-2022:4015-1
SUSE-SU-2022:4016-1
SUSE-SU-2022_4015-1
SUSE-SU-2022_4016-1

Affected Products

ALT Linux
Astra Linux
Apple macOS
Nokogiri
RED OS
Rocky Linux
SUSE