CVE-2023-2798: Denial of service in HtmlUnit
First published: Thu May 25 2023(Updated: )
Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack. This issue affects HtmlUnit before 2.70.0.
Credit: cve-coordination@google.com cve-coordination@google.com cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Htmlunit Project Htmlunit | <2.70.0 | |
| Htmlunit Htmlunit | <2.70.0 | |
| maven/org.htmlunit:htmlunit | <2.70.0 | 2.70.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2023-2798
- https://github.com/HtmlUnit/htmlunit/commit/940dc7fd
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613
- https://github.com/HtmlUnit/htmlunit/releases/tag/2.70.0
- https://github.com/advisories/GHSA-rc44-5cmh-879m (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2210640
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2210642
- https://access.redhat.com/errata/RHSA-2023:3814
- https://access.redhat.com/security/cve/cve-2023-2798
- https://access.redhat.com/errata/RHSA-2023:4627
- https://bugzilla.redhat.com/show_bug.cgi?id=2210366
Frequently Asked Questions
What is CVE-2023-2798?
CVE-2023-2798 is a vulnerability that affects HtmlUnit, a tool used to browse webpages, and allows for Denial of Service attacks.
How does CVE-2023-2798 impact users?
CVE-2023-2798 can cause HtmlUnit to crash when browsing user-supplied webpages, potentially leading to a denial of service attack.
What is the severity of CVE-2023-2798?
CVE-2023-2798 has a severity rating of high (7) due to its potential impact on availability and the possibility of a denial of service attack.
Which software is affected by CVE-2023-2798?
HtmlUnit versions up to 2.70.0, org.htmlunit:htmlunit up to version 2.70.0, and Red Hat's htmlunit package up to version 2.70.0 are affected by CVE-2023-2798.
How can users fix CVE-2023-2798?
Users should update HtmlUnit to version 2.70.0 or above to mitigate the vulnerability.
- collector/nvd-latest
- collector/github-advisory-latest
- alias/GHSA-rc44-5cmh-879m
- alias/CVE-2023-2798
- collector/github-advisory
- collector/nvd-index
- collector/nvd-cve
- collector/nvd-api
- agent/type
- agent/weakness
- agent/softwarecombine
- agent/severity
- agent/author
- agent/references
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- vendor/htmlunit project
- canonical/htmlunit project htmlunit
- package-manager/maven
- vendor/htmlunit
- canonical/htmlunit htmlunit
- package-manager/redhat