PT-2023-21466 · Htmlunit · Htmlunit

Oss-Fuzz

Publicado

2023-05-25

Atualizado

2023-12-07

CVE-2023-2798

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions htmlunit versions prior to 2.70.0

Description The issue allows an attacker to cause a denial of service attack by supplying content that causes htmlunit to crash due to a stack overflow when running on user-supplied web pages. This can happen when htmlunit is used to browse untrusted webpages.

Recommendations For versions prior to 2.70.0, update to version 2.70.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of htmlunit for browsing untrusted web pages until the update is applied.

Correção

Memory Corruption

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787CWE-400

Identificadores relacionados

CVE-2023-2798

GHSA-RC44-5CMH-879M

Produtos afetados

Htmlunit

PT-2023-21466 · Htmlunit · Htmlunit

CVE-2023-2798

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11