Bug 2210366 (CVE-2023-2798)

Summary: CVE-2023-2798 htmlUnit: Stack overflow crash causes Denial of Service (DoS)
Product: [Other] Security Response Reporter: Patrick Del Bello <pdelbell>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aileenc, alampare, alazarot, anstephe, asoldano, avibelli, bbaranow, bgeorges, bmaxwell, boliveir, brian.stansberry, cdewolf, chazlett, darran.lofthouse, dhanak, dkreling, dosoudil, drichtar, emingora, fjuma, fmongiar, gjospin, gmalinko, hbraun, ibek, ivassile, iweiss, janstey, jnethert, jpavlik, jrokos, jross, jscholz, kverlaen, lbacciot, lgao, lthon, mnovotny, mosmerov, msochure, msvehla, nwallace, pdelbell, pdrozd, peholase, pgallagh, pjindal, pmackay, pskopek, rguimara, rjohnson, rowaters, rrajasek, rruss, rstancel, smaestri, sthorger, swoodman, tom.jenkinson
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: htmlunit 2.70.0 Doc Type: ---
Doc Text:
A flaw was found in HtmlUnit. This issue may allow a malicious user to supply content to htmlUnit, which could cause a crash by stack overflow, leading to a Denial of Service (DoS).
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-06-27 15:29:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2210640, 2210642    
Bug Blocks: 2210115    

Description Patrick Del Bello 2023-05-26 20:09:48 UTC 
Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.



https://github.com/HtmlUnit/htmlunit/commit/940dc7fd
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613
Comment 1 Avinash Hanwate 2023-05-29 04:15:59 UTC 
Created rstudio tracking bugs for this issue:

Affects: fedora-all [bug 2210640]


Created rubygem-nokogiri tracking bugs for this issue:

Affects: fedora-all [bug 2210642]
Comment 3 errata-xmlrpc 2023-06-27 10:56:41 UTC 
This issue has been addressed in the following products:

  Migration Toolkit for Runtimes 1 on RHEL 8

Via RHSA-2023:3814 https://access.redhat.com/errata/RHSA-2023:3814
Comment 4 Product Security DevOps Team 2023-06-27 15:29:48 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-2798
Comment 5 errata-xmlrpc 2023-08-14 01:03:01 UTC 
This issue has been addressed in the following products:

  MTA-6.2-RHEL-9
  MTA-6.2-RHEL-8

Via RHSA-2023:4627 https://access.redhat.com/errata/RHSA-2023:4627