CVE-2023-2798

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions htmlunit versions prior to 2.70.0

Description The issue allows an attacker to cause a denial of service attack by supplying content that causes htmlunit to crash due to a stack overflow when running on user-supplied web pages. This can happen when htmlunit is used to browse untrusted webpages.

Recommendations For versions prior to 2.70.0, update to version 2.70.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of htmlunit for browsing untrusted web pages until the update is applied.

Fix

Memory Corruption

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-400

Related Identifiers

CVE-2023-2798

GHSA-RC44-5CMH-879M

Affected Products

Htmlunit

CVE-2023-2798

Weakness Enumeration

Related Identifiers

Affected Products

References · 11