Headline
CVE-2023-2798: remove recursion to make the fuzzer happy · HtmlUnit/htmlunit@940dc7f
Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.
Expand Up @@ -1453,18 +1453,19 @@ private DomNode getNextElementUpwards(final DomNode startingNode) { if (startingNode == DomNode.this) { return null; } final DomNode parent = startingNode.getParentNode(); if (parent == null || parent == DomNode.this) { return null; } DomNode next = parent.getNextSibling(); while (next != null && !isAccepted(next)) { next = next.getNextSibling(); } if (next == null) { return getNextElementUpwards(parent);
DomNode parent = startingNode.getParentNode(); while (parent != null && parent != DomNode.this) { DomNode next = parent.getNextSibling(); while (next != null && !isAccepted(next)) { next = next.getNextSibling(); } if (next != null) { return next; } parent = parent.getParentNode(); } return next; return null; }
private DomNode getFirstChildElement(final DomNode parent) { Expand Down Expand Up @@ -1763,7 +1764,8 @@ public void removeCharacterDataChangeListener(final CharacterDataChangeListener protected void fireCharacterDataChanged(final CharacterDataChangeEvent event) { DomNode toInform = this; while (toInform != null) { final List<CharacterDataChangeListener> listeners = safeGetCharacterDataListeners();
final List<CharacterDataChangeListener> listeners = toInform.safeGetCharacterDataListeners(); if (listeners != null) { for (final CharacterDataChangeListener listener : listeners) { listener.characterDataChanged(event); Expand Down
Related news
Red Hat Security Advisory 2023-4627-01 - Migration Toolkit for Applications 6.2.0 Images. Issues addressed include a denial of service vulnerability.
Migration Toolkit for Applications 6.2.0 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. * CVE-2022-4492: A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a...
Red Hat Security Advisory 2023-3814-01 - Migration Toolkit for Runtimes 1.1.1 ZIP artifacts. Issues addressed include a denial of service vulnerability.
An update is now available for Migration Toolkit for Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2798: A flaw was found in HtmlUnit. This issue may allow a malicious user to supply content to htmlUnit, which could cause a crash by stack overflow, leading to a Denial of Service (DoS). * CVE-2023-22899: A flaw was found in Zip4j. In this issue, it does not always check the MAC when decrypting a ZIP archive.
Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack. This issue affects HtmlUnit before 2.70.0.