How severe is CVE-2022-23516?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-23516?

This is classified as CWE-674, which is a common weakness in software security.

CVE-2022-23516 - HIGH Severity | CVSS 7.5

Vulnerability Description

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized.

Related Vulnerabilities

CVE-2007-1285

HIGH

CVSS:7.5(High)

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recurs...

CWE-6742007

CVE-2007-3409

HIGH

CVSS:7.5(High)

Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an in...

CWE-6742007

CVE-2016-10707

HIGH

CVSS:7.5(High)

jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an in...

CWE-6742016

CVE-2016-3627

HIGH

CVSS:7.5(High)

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consump...

CWE-6742016

CVE-2016-9597

HIGH

CVSS:7.5(High)

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service atta...

CWE-6742016

CVE-2017-11164

HIGH

CVSS:7.5(High)

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

CWE-6742017