VYPR
High severity · NVD Advisory · Published Aug 26, 2019 · Updated Aug 5, 2024

CVE-2019-15542

Description

An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2019-15542 describes uncontrolled recursion in the Rust ammonia crate before 2.1.0, leading to a stack overflow and denial of service during HTML DOM tree serialization.

Vulnerability Description

The vulnerability resides in the ammonia crate, a Rust HTML sanitization library that uses html5ever for parsing and serialization [2]. The issue is uncontrolled recursion during HTML DOM tree serialization, which can cause the call stack to overflow, resulting in an abort (crash) of the application [1][3]. This problem affects all versions of the crate prior to 2.1.0 [1][3].
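The failure mode described above, shown as an added illustration that is not code from ammonia, html5ever, or this advisory: a recursive tree serializer uses one call-stack frame per nesting level, while an explicit work list keeps that state on the heap. The `Node`, `Dom`, `Step` types and all function names are hypothetical, and the sketch makes no claim about how ammonia 2.1.0 implements its fix.

```rust
// Added illustration: a minimal arena-backed DOM, not ammonia's or html5ever's types.
struct Node { tag: &'static str, children: Vec<usize> }
struct Dom { nodes: Vec<Node> } // index 0 is the root

// Recursive form: one call-stack frame per nesting level, so depth is input-controlled.
fn serialize_recursive(dom: &Dom, id: usize, out: &mut String) {
    let n = &dom.nodes[id];
    out.push_str(&format!("<{}>", n.tag));
    for &c in &n.children {
        serialize_recursive(dom, c, out);
    }
    out.push_str(&format!("</{}>", n.tag));
}

// Iterative form: pending work sits in a heap-allocated Vec, so nesting depth
// costs heap memory instead of call-stack frames.
enum Step { Open(usize), Close(usize) }

fn serialize_iterative(dom: &Dom, root: usize) -> String {
    let mut out = String::new();
    let mut work = vec![Step::Open(root)];
    while let Some(step) = work.pop() {
        match step {
            Step::Open(id) => {
                let n = &dom.nodes[id];
                out.push_str(&format!("<{}>", n.tag));
                work.push(Step::Close(id));
                // Push children reversed so the first child is popped first.
                work.extend(n.children.iter().rev().map(|&c| Step::Open(c)));
            }
            Step::Close(id) => out.push_str(&format!("</{}>", dom.nodes[id].tag)),
        }
    }
    out
}

// Constructed sample: a single chain of `depth` nested <div> elements.
fn nested_chain(depth: usize) -> Dom {
    let child = |i: usize| if i + 1 < depth { vec![i + 1] } else { vec![] };
    Dom { nodes: (0..depth).map(|i| Node { tag: "div", children: child(i) }).collect() }
}

fn main() {
    let mut small = String::new();
    serialize_recursive(&nested_chain(3), 0, &mut small);
    assert_eq!(small, serialize_iterative(&nested_chain(3), 0));
    let deep = serialize_iterative(&nested_chain(200_000), 0);
    println!("serialized {} bytes from 200000 nesting levels", deep.len());
}
```

The arena layout (children stored as indices into one `Vec`) also keeps `Drop` non-recursive, which matters because a tree of owned boxed children would recurse on deallocation as well.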

Exploitation Attack Surface

An attacker can trigger this vulnerability by providing specially crafted HTML input that causes deep recursive serialization. The attack requires no authentication and no user interaction; the attacker simply needs to submit malicious HTML to any application that uses an affected version of ammonia to sanitize or clean untrusted HTML [3]. Since the input vector is network-based and complexity is low, the condition is easily exploitable [3].

Impact on Availability

The primary impact is on availability: a successful exploit causes the application to crash due to a stack overflow, leading to a denial of service (DoS) [3]. Confidentiality and integrity are not directly affected [3]. The CVSS score for this vulnerability is 7.5 (HIGH) with a vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [3][4].

Mitigation and Patching

The vulnerability has been patched in ammonia version 2.1.0 and later [1][3]. Users are strongly advised to update their crate dependency to version 2.1.0 or newer to mitigate the risk [1]. Note that only the v3 and v4 branches are currently supported; the 2.0 branch no longer receives security backports [1].

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
ammonia (crates.io) | < 2.1.0 | 2.1.0
