CVE-2023-34624
Published 2023-06-14
Priority: P4 | 30 | high | 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 1.05% (60.0th percentile)
An issue discovered in htmlcleaner through 2.28 allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libhtmlcleaner-java | < libhtmlcleaner-java 2.26-1+deb12u1 (bookworm) | libhtmlcleaner-java 2.26-1+deb12u1 (bookworm) |
| htmlcleaner_project | htmlcleaner | <= 2.28 | — |
CVSS provenance
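| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_oracle | — | 7.5 | HIGH | — |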
OSV
CVE-2023-34624: An issue was discovered htmlcleaner thru = 2
osv·2023-06-14·CVSS 7.5
CVE-2023-34624 [HIGH] CVE-2023-34624: An issue was discovered htmlcleaner thru = 2
An issue discovered in htmlcleaner through 2.28 allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies.
OSV
htmlcleaner vulnerable to stack exhaustion
osv·2023-06-14
CVE-2023-34624 [HIGH] htmlcleaner vulnerable to stack exhaustion
An issue discovered in htmlcleaner through version 2.28 allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies.
GHSA
htmlcleaner vulnerable to stack exhaustion
ghsa·2023-06-14
CVE-2023-34624 [HIGH] CWE-400 htmlcleaner vulnerable to stack exhaustion
An issue discovered in htmlcleaner through version 2.28 allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies.
Ubuntu
HtmlCleaner vulnerability
vendor_ubuntu·2024-03-07
CVE-2023-34624 HtmlCleaner vulnerability
Title: HtmlCleaner vulnerability
Summary: libhtmlcleaner-java could be made to crash if it received specially crafted input.
It was discovered that HtmlCleaner incorrectly handled certain html documents. An attacker could possibly use this issue to cause a denial of service via application crash.
Instructions: In general, a standard system update will make all the necessary changes.
Oracle
Oracle Oracle Supply Chain Risk Matrix: Security (HtmlCleaner) — CVE-2023-34624
vendor_oracle·2024-01-15·CVSS 7.5
CVE-2023-34624 [HIGH] Oracle Oracle Supply Chain Risk Matrix: Security (HtmlCleaner) — CVE-2023-34624
Oracle Oracle Supply Chain Risk Matrix: Security (HtmlCleaner) vulnerability
CVE: CVE-2023-34624
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2024 (JAN 2024)
Debian
CVE-2023-34624: libhtmlcleaner-java - An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a deni...
vendor_debian·2023·CVSS 7.5
CVE-2023-34624 [HIGH] CVE-2023-34624: libhtmlcleaner-java - An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a deni...
An issue discovered in htmlcleaner through 2.28 allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies.
Scope: local
bookworm: resolved (fixed in 2.26-1+deb12u1)
bullseye: resolved (fixed in 2.24-1+deb11u1)
forky: resolved (fixed in 2.29-1)
sid: resolved (fixed in 2.29-1)
trixie: resolved (fixed in 2.29-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/amplafi/htmlcleaner/issues/13
https://lists.debian.org/debian-lts-announce/2023/08/msg00007.html
https://www.debian.org/security/2023/dsa-5471
Published: 2023-06-14