CVE-2023-2798 — Uncontrolled Resource Consumption in Htmlunit

CWE-400 — Uncontrolled Resource Consumption CWE-787 — Out-of-bounds Write6 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 74.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Htmlunit

Timeline

PublishedMay 25

Description

Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDhtmlunit/htmlunit< 2.70.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Unrestricted recursion in htmlunit↗2023-05-25

▶

OSV

Unrestricted recursion in htmlunit↗2023-05-25

▶

CVEList

Denial of service in HtmlUnit↗2023-05-25

▶

OSV

CVE-2023-2798: Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS)↗2023-05-25

▶

📋Vendor Advisories

Red Hat

htmlUnit: Stack overflow crash causes Denial of Service (DoS)↗2023-05-25

▶