CVE-2023-2798

Published: May 25, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.

Affected (1)

Products: Htmlunit: Htmlunit

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Htmlunit Htmlunit	Before 2.70.0

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613

Source: cve-coordination@google.com

Mailing List

https://github.com/HtmlUnit/htmlunit/commit/940dc7fd

Source: cve-coordination@google.com

Patch

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://github.com/HtmlUnit/htmlunit/commit/940dc7fd

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.