CVE-2023-2798 - OpenCVE

Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Htmlunit	Htmlunit
Redhat	Migration Toolkit Applications Migration Toolkit Runtimes

Configuration 1 [-]

cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Migration Toolkit for Runtimes 1 on RHEL 8
com.google.guava-guava-parent	cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8	RHSA-2023:3814	2023-06-27T00:00:00Z
MTA-6.2-RHEL-9
mta/mta-operator-bundle:6.2.0-29	cpe:/a:redhat:migration_toolkit_applications:6.2::el9	RHSA-2023:4627	2023-08-14T00:00:00Z

References

Link	Providers
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613
https://github.com/HtmlUnit/htmlunit/commit/940dc7fd
https://nvd.nist.gov/vuln/detail/CVE-2023-2798
https://www.cve.org/CVERecord?id=CVE-2023-2798

History

No history.

MITRE

Status: PUBLISHED

Assigner: Google

Published: 2023-05-25T13:54:52.191Z

Updated: 2024-08-02T06:33:05.702Z

Reserved: 2023-05-18T14:33:09.974Z

Link: CVE-2023-2798

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-25T14:15:10.320

Modified: 2023-12-07T17:56:27.147

Link: CVE-2023-2798

Redhat

Severity : Moderate

Publid Date: 2023-05-25T00:00:00Z

Links: CVE-2023-2798 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2798", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2023-05-18T14:33:09.974Z", "datePublished": "2023-05-25T13:54:52.191Z", "dateUpdated": "2024-08-02T06:33:05.702Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/HtmlUnit/", "defaultStatus": "unaffected", "packageName": "htmlunit", "repo": "https://github.com/HtmlUnit/htmlunit", "versions": [{"lessThan": "2.70.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "tool", "user": "00000000-0000-4000-9000-000000000000", "value": "OSS-Fuzz"}], "datePublic": "2023-01-19T15:41:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.</span><p>This issue affects htmlunit before 2.70.0.</p>"}], "value": "Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.\n\n"}], "impacts": [{"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469 HTTP DoS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2023-05-25T13:54:52.191Z"}, "references": [{"url": "https://github.com/HtmlUnit/htmlunit/commit/940dc7fd"}, {"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613"}], "source": {"discovery": "UNKNOWN"}, "title": "Denial of service in HtmlUnit", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:05.702Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/HtmlUnit/htmlunit/commit/940dc7fd", "tags": ["x_transferred"]}, {"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C8AEB42-E6DB-4218-84F7-6C061E486001", "versionEndExcluding": "2.70.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.\n\n"}], "id": "CVE-2023-2798", "lastModified": "2023-12-07T17:56:27.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cve-coordination@google.com", "type": "Secondary"}]}, "published": "2023-05-25T14:15:10.320", "references": [{"source": "cve-coordination@google.com", "tags": ["Mailing List"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613"}, {"source": "cve-coordination@google.com", "tags": ["Patch"], "url": "https://github.com/HtmlUnit/htmlunit/commit/940dc7fd"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:3814", "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "package": "com.google.guava-guava-parent", "product_name": "Migration Toolkit for Runtimes 1 on RHEL 8", "release_date": "2023-06-27T00:00:00Z"}, {"advisory": "RHSA-2023:4627", "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package": "mta/mta-operator-bundle:6.2.0-29", "product_name": "MTA-6.2-RHEL-9", "release_date": "2023-08-14T00:00:00Z"}], "bugzilla": {"description": "htmlUnit: Stack overflow crash causes Denial of Service (DoS)", "id": "2210366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210366"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.", "A flaw was found in HtmlUnit. This issue may allow a malicious user to supply content to htmlUnit, which could cause a crash by stack overflow, leading to a Denial of Service (DoS)."], "name": "CVE-2023-2798", "package_state": [{"cpe": "cpe:/a:redhat:migration_toolkit_applications:6", "fix_state": "Affected", "package_name": "org.jboss.windup-windup-parent", "product_name": "Migration Toolkit for Applications 6"}, {"cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1", "fix_state": "Not affected", "package_name": "org.jboss.windup-windup-parent", "product_name": "Migration Toolkit for Runtimes"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "htmlUnit", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Out of support scope", "package_name": "htmlUnit", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "htmlUnit", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Not affected", "package_name": "htmlUnit", "product_name": "Red Hat Integration Camel Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "htmlUnit", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "htmlUnit", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "htmlUnit", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "htmlUnit", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "htmlUnit", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "htmlUnit", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "htmlUnit", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "htmlunit", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "htmlUnit", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "htmlUnit", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Out of support scope", "package_name": "htmlUnit", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "htmlUnit", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Not affected", "package_name": "htmlUnit", "product_name": "streams for Apache Kafka"}], "public_date": "2023-05-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-2798\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2798"], "threat_severity": "Moderate", "upstream_fix": "htmlunit 2.70.0"}