CVE-2022-40158 JXPath is vulnerable to DOS attacks if the parser is running on user supplied input.

There are two ways this can happen. The first is when input data is supplied that the parser doesn’t understand, such as an illegal character. The second way is when the parser is supplied with data that the parser already understands. For example, if the parser is given an XML document that contains a start tag with an ID attribute, then this already understood data will cause a stack overflow. The same applies if the parser is given an XML document that contains an end tag with an ID attribute. Therefore, it is important to always validate input data before parsing. Some best practices for validation include: - Validation of user input data - Validation of data inside data structures

Can’t access object of type ‘type ’

If an object of the wrong type is passed to a function, the parser will attempt to convert it into the desired type. This can result in a stack overflow. One way to avoid this issue is to always use cast functions. Cast functions are safe because they never cause a stack overflow. They also perform more correctly than attempting to convert data by hand.

CVE-2022-40159

There are two ways this can happen. The first is when input data is supplied that the parser doesn’t understand, such as an illegal character. The second way is when the parser is supplied with data that the parser already understands. For example, if the parser is given an XML document that contains a start tag with an ID attribute, then this already understood data will cause a stack overflow. The same applies if the parser is given an XML document that contains an end tag with an ID attribute. Therefore, it is important to always validate input data before parsing. Some best practices for validation include: - Validation of user input data - Validation of data inside data structures

How do I know if my site is vulnerable?

If your site is vulnerable, you can check for known vulnerabilities by using the following command:

https://www.owasp.org/index.php/Category:Vulnerabilities

Many other resources are available on this topic, such as the OWASP (Open Web Application Security Project) website.

Using a parser that does not validate input data can lead to security vulnerabilities

A parser is typically used to read data from a source and convert it into useful information. An input that does not validate its input can result in a security vulnerability. For example, the following code could cause a stack overflow:
if(document.getElementById("id").value=="id"){
var x = document.createElement("div");
var y = document.createTextNode("Hello World!");
x.appendChild(y);
} if(!validateId("id")){ var x = document.createElement("div"); var y = document.createTextNode("Hello World!"); x.appendChild(y); }

Timeline

Published on: 10/06/2022 18:16:00 UTC
Last modified on: 10/07/2022 19:04:00 UTC

References

• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47058
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40158