CVE-2022-23476 (nokogiri)

Read Time:33 Second

Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.

Identity Attacks Now Comprise a Third of Intrusions

Microsoft Thwarts $4bn in Fraud Attempts

CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension

Network Edge Devices the Biggest Entry Point for Attacks on SMBs

ICO Issues Merseyside-Based Law Firm £60,000 Fine After Cyber-Attack

Smashing Security podcast #413: Hacking the hackers… with a credit card?

CVE Program Almost Unfunded

Hertz Data Breach Exposes Customer Information in Cleo Zero-Day Attack

China-Backed Hackers Exploit BRICKSTORM Backdoor to Spy on European Businesses

pgbouncer-1.24.1-1.el9

pgbouncer-1.24.1-2.el8

pgbouncer-1.24.1-2.fc40

pgbouncer-1.24.1-2.fc42

pgbouncer-1.24.1-2.el10_1

pgbouncer-1.24.1-2.fc41