Bug 2215234 (CVE-2023-34623) - CVE-2023-34623 jtidy: denial of service via crafted object that uses cyclic dependencies
Status: NEW
Alias: CVE-2023-34623
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Nobody
Depends On: 2230047 2215235 2215236 2230041 2230043 2230044 2230046
Blocks: 2215237
Reported: 2023-06-15 06:39 UTC by Sandipan Roy
Modified: 2024-02-01 03:42 UTC

Fixed In Version: jtidy 1.0.4
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in jtidy when parsing untrusted HTML. If the parser is run on unsanitized user input, an attacker could craft input that causes the parser to crash with a stack overflow, resulting in a denial of service (DoS).
Description Sandipan Roy 2023-06-15 06:39:00 UTC
An issue was discovered in jtidy through r938 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies.

https://github.com/trajano/jtidy/issues/4

Comment 17 TEJ RATHI 2023-08-08 14:33:31 UTC
Created jtidy tracking bugs for this issue:

Affects: fedora-37 [bug 2230046]
Affects: fedora-38 [bug 2230047]
