CVE-2022-23517
Denial of Service vulnerability in rails-html-sanitizer (RubyGems)
What is CVE-2022-23517 About?
rails-html-sanitizer releases before 1.4.4 contain an inefficient regular expression that is susceptible to excessive backtracking when the sanitizer processes certain SVG attribute values. A crafted attribute value makes the match take time that grows far faster than the input, so a single request can occupy a CPU core and produce a denial of service. The advisory scopes the issue to certain sanitizer configurations. Exploitation needs nothing more than the ability to submit content that the vulnerable sanitizer processes.
Affected Software
rails-html-sanitizer (RubyGems), versions before 1.4.4. The gem is a dependency of Action View, so it appears in every Rails application's Gemfile.lock whether or not the application calls `sanitize` itself; only code paths that actually sanitize untrusted markup are exposed.
Technical Details
The vulnerability is a Regular Expression Denial of Service (ReDoS) in rails-html-sanitizer versions prior to 1.4.4. The sanitizer runs a regular expression over the values of SVG attributes that may legitimately carry `url(...)` references, in order to strip references that are not local to the document. That expression backtracks excessively on crafted input: its running time grows superlinearly with the length of the attribute value, so a value of modest size (tens of kilobytes, well within an ordinary request body) is enough to keep a worker busy for a noticeable time. While the match runs, the Ruby thread handling the request makes no progress, and a handful of such requests can exhaust a server's worker pool. No memory corruption or data exposure is involved; the entire effect is CPU time spent inside the regex engine. Rails' `sanitize` view helper and `Rails::Html::SafeListSanitizer` both go through this gem, so an application does not need to reference rails-html-sanitizer directly to reach the affected code.
What is the Impact of CVE-2022-23517?
Successful exploitation lets a remote attacker burn CPU on the server, making the affected application unavailable or severely degraded for legitimate users for as long as crafted input keeps being processed. Availability is the only property affected; confidentiality and integrity are not.
What is the Exploitability of CVE-2022-23517?
Exploitation is of low to moderate complexity: the attacker submits input containing an SVG attribute whose value is crafted to trigger the inefficient regular expression. No authentication or special privileges are needed beyond the ability to submit content that the vulnerable component sanitizes, and the attack is carried out remotely over the application's normal interface. The severity is rated high because the impact is full resource exhaustion of the sanitizing process. Applications that sanitize untrusted HTML or SVG are exposed: comment and rich-text fields, profile descriptions, Markdown pipelines that sanitize rendered output, and any endpoint that passes user-supplied markup through `sanitize` or `Rails::Html::SafeListSanitizer`. The primary risk factor is public reachability of such an endpoint; request-size limits and rate limiting reduce the blast radius but do not remove the defect.
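As an added illustration of the mechanism in the technical details and of what the exploitability section means by crafted input (editor's example, not code from the advisory or from the gem): a `url(...)`-stripping pattern of the backtracking-prone shape next to a single-pass replacement, with a constructed attribute value that grows the regex cost superlinearly. The exact expression is reproduced from memory of the pre-1.4.4 source and should be treated as an assumption to verify against the tagged release; the constructed input is for measurement only and is not a payload from the advisory or the HackerOne report.

```ruby
require "strscan"

# ASSUMPTION: shape of the expression that pre-1.4.4 releases applied to SVG
# attribute values which may carry url(#local-ref) references. Reproduced from
# memory of the 1.4.3 source; verify against the tagged release.
BACKTRACKING_URL_RE = /url\s*\(\s*[^#\s][^)]+?\)/m

# Vulnerable-style scrub: strip non-local url(...) references with one gsub.
def scrub_with_regex(value)
  value.gsub(BACKTRACKING_URL_RE, "")
end

# Linear-time replacement with the same intent: walk the string once, copy
# local references (url(#id)) through, drop a non-local url(...) through its
# closing paren, and stop scanning as soon as no ')' remains ahead.
# Deliberately not reproduced: the original pattern's quirk of requiring at
# least two characters inside the parentheses.
def scrub_nonlocal_url_refs(value)
  out = +""
  s = StringScanner.new(value)
  until s.eos?
    if (head = s.scan(/url\s*\(\s*/i))   # case-insensitive on purpose: CSS accepts URL(
      if s.check(/#/)                     # local fragment reference: keep it
        out << head
      elsif s.scan_until(/\)/)            # non-local reference: drop through ')'
        # dropped
      else                                # no ')' anywhere ahead: nothing later can close
        out << head << s.rest
        s.terminate
      end
    else
      out << s.getch
    end
  end
  out
end

# Constructed attribute value (not from the advisory): many openers and no
# closer, so the regex re-scans the whole tail from every "url(" start.
def crafted_attribute(n)
  "url(" * n
end

def seconds
  t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  yield
  Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0
end

if __FILE__ == $PROGRAM_NAME
  [1_000, 2_000, 4_000].each do |n|
    v = crafted_attribute(n)
    r = seconds { scrub_with_regex(v) }
    l = seconds { scrub_nonlocal_url_refs(v) }
    printf("%-7d chars  regex %.3fs  linear %.3fs\n", v.bytesize, r, l)
  end
end
```

Doubling the input roughly quadruples the regex column while the linear column barely moves; that growth curve, not any single slow request, is what lets an attacker exhaust a worker pool with a few requests. Ruby 3.2+ can cap pattern run time with `Regexp.timeout=`, which is a useful backstop for sanitizers but no substitute for the upgrade.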
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known public exploits | | |
What are the Available Fixes for CVE-2022-23517?
Available Upgrade Options
- rails-html-sanitizer
  - < 1.4.4 → Upgrade to 1.4.4 or later. Most applications receive the gem transitively through Action View, so bump it on its own rather than waiting for a Rails release, and confirm the resolved version in Gemfile.lock afterwards.
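A quick way to confirm exposure before and after the upgrade, as an added example (editor's code, not from the advisory or the project): read the resolved version of rails-html-sanitizer out of Gemfile.lock and compare it with the fixed release. The lockfile fragment below is constructed for the example and is not a real project's lockfile.

```ruby
require "rubygems"   # Gem::Version; loaded by default, required here for clarity

FIXED = Gem::Version.new("1.4.4")

# Bundler writes each resolved gem under "  specs:" with a four-space indent:
#   "    rails-html-sanitizer (1.4.3)"
# while a gem's own dependencies are indented six spaces, so the indent alone
# separates "resolved at version X" from "required as (>= X) by something".
SPEC_LINE = /\A {4}(\S+) \(([^)]+)\)\s*\z/

# Returns { name => Gem::Version } for every resolved gem in the lockfile.
# Platform-qualified versions ("1.13.10-x86_64-linux") drop the platform suffix,
# since Gem::Version would otherwise treat it as a prerelease tag.
def locked_versions(lockfile_text)
  lockfile_text.each_line.with_object({}) do |line, acc|
    next unless (m = SPEC_LINE.match(line))
    acc[m[1]] = Gem::Version.new(m[2].split("-", 2).first)
  end
end

# nil: gem not in the lockfile; true: resolved below the fixed release; false: patched.
def vulnerable_to_cve_2022_23517?(lockfile_text)
  v = locked_versions(lockfile_text)["rails-html-sanitizer"]
  v && v < FIXED
end

# Constructed lockfile fragment shaped like Bundler output; not a real project.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionview (7.0.4)
        activesupport (= 7.0.4)
        rails-html-sanitizer (>= 1.2.0, < 2.0)
      loofah (2.19.0)
        crass (~> 1.0.2)
        nokogiri (>= 1.5.9)
      nokogiri (1.13.10-x86_64-linux)
        racc (~> 1.4)
      rails-html-sanitizer (1.4.3)
        loofah (~> 2.3)

  PLATFORMS
    x86_64-linux
LOCK

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
  case vulnerable_to_cve_2022_23517?(text)
  when nil  then puts "rails-html-sanitizer is not in this lockfile"
  when true then puts "VULNERABLE: rails-html-sanitizer #{locked_versions(text)['rails-html-sanitizer']} < 1.4.4"
  else           puts "ok: rails-html-sanitizer is 1.4.4 or later"
  end
end
```

Run it as `ruby check.rb Gemfile.lock`. To fix, `bundle update --conservative rails-html-sanitizer` bumps only that gem and its own dependencies, then re-run the check. For ongoing coverage, `bundle-audit check --update` compares the whole lockfile against ruby-advisory-db, the database linked under Additional Resources.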
Additional Resources
- https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
- https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2022-23517.yml
- https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html
- https://hackerone.com/reports/1684163
- https://nvd.nist.gov/vuln/detail/CVE-2022-23517
- https://osv.dev/vulnerability/GHSA-5x79-w82f-gw8w
What are Similar Vulnerabilities to CVE-2022-23517?
Similar Vulnerabilities: CVE-2024-47888, CVE-2023-22797, CVE-2023-23912, CVE-2023-3806, CVE-2023-45543
