CVE-2023-2798
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
0 < 2.70.0 | affected |
Weaknesses
- CWE-400: CWE-400 Uncontrolled Resource Consumption
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/HtmlUnit/htmlunit/commit/940dc7fd
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613
References
- https://github.com/HtmlUnit/htmlunit/commit/940dc7fd
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.