Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-2798

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 6 months ago

Denial of service in HtmlUnit

Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613
https://github.com/HtmlUnit/htmlunit/commit/940dc7fd
https://github.com/HtmlUnit/htmlunit/commit/940dc7fd x_transferred
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613 x_transferred

Affected products

htmlunit

<2.70.0

Matching in nixpkgs

pkgs.htmlunit-driver

WebDriver server for running Selenium tests on the HtmlUnit headless browser

nixos-unstable -
- nixpkgs-unstable 2.27

Package maintainers

@coreyoconnor Corey O'Connor <coreyoconnor@gmail.com>
@offlinehacker Jaka Hudoklin <jaka@x-truder.net>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.htmlunit-driver

Package maintainers