CVE-2023-24038 - OpenCVE

The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Html-stripscripts Project	Html-stripscripts

Configuration 1 [-]

cpe:2.3:a:html-stripscripts_project:html-stripscripts:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/clintongormley/perl-html-stripscripts/issues/3
https://lists.debian.org/debian-lts-announce/2023/01/msg00036.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYD5PFRUUB4VVY52I5KA3RQ7SQOD7YM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASDRHN2MLGL2HGBUNDZG4YLUWW6NSUKD/
https://www.debian.org/security/2023/dsa-5339

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-01-21T00:00:00

Updated: 2024-08-02T10:49:08.988Z

Reserved: 2023-01-21T00:00:00

Link: CVE-2023-24038

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-21T01:15:15.183

Modified: 2023-11-07T04:08:16.147

Link: CVE-2023-24038

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-24038", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T10:49:08.988Z", "dateReserved": "2023-01-21T00:00:00", "datePublished": "2023-01-21T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-06-16T00:00:00"}, "descriptions": [{"lang": "en", "value": "The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/clintongormley/perl-html-stripscripts/issues/3"}, {"name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3296-1] libhtml-stripscripts-perl security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00036.html"}, {"name": "DSA-5339", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5339"}, {"name": "FEDORA-2023-a42aa9700f", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASDRHN2MLGL2HGBUNDZG4YLUWW6NSUKD/"}, {"name": "FEDORA-2023-6f16e3bcee", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYD5PFRUUB4VVY52I5KA3RQ7SQOD7YM/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:49:08.988Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/clintongormley/perl-html-stripscripts/issues/3", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3296-1] libhtml-stripscripts-perl security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00036.html"}, {"name": "DSA-5339", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5339"}, {"name": "FEDORA-2023-a42aa9700f", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASDRHN2MLGL2HGBUNDZG4YLUWW6NSUKD/"}, {"name": "FEDORA-2023-6f16e3bcee", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYD5PFRUUB4VVY52I5KA3RQ7SQOD7YM/"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:html-stripscripts_project:html-stripscripts:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FC5B237-24AC-4967-9652-456CC07B1610", "versionEndIncluding": "1.06", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes."}, {"lang": "es", "value": "El m\u00f3dulo HTML-StripScripts hasta la versi\u00f3n 1.06 para Perl permite _hss_attval_style ReDoS debido al retroceso catastr\u00f3fico del contenido HTML con ciertos atributos de estilo."}], "id": "CVE-2023-24038", "lastModified": "2023-11-07T04:08:16.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-21T01:15:15.183", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/clintongormley/perl-html-stripscripts/issues/3"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00036.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYD5PFRUUB4VVY52I5KA3RQ7SQOD7YM/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASDRHN2MLGL2HGBUNDZG4YLUWW6NSUKD/"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2023/dsa-5339"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}