Fluid Attacks Database

Description

htmlcleaner vulnerable to stack exhaustion An issue was discovered htmlcleaner through version 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	net.sourceforge.htmlcleaner:htmlcleaner	>=0 <2.29	2.29
debian 12	libhtmlcleaner-java	=2.26-1 \|\| >=0 <2.26-1+deb12u1	2.26-1+deb12u1
debian 13	libhtmlcleaner-java	>=0 <2.29-1	2.29-1
debian 14	libhtmlcleaner-java	>=0 <2.29-1	2.29-1
debian 11	libhtmlcleaner-java	=2.24-1 \|\| >=0 <2.24-1+deb11u1	2.24-1+deb11u1

Aliases

1. CVE-2023-346242. NVD-2023-346243. OSV-2023-346244. OSV-DEBIAN-2023-346245. GCVE-2023-346246. lists.debian.org7. SECURITY-TRACKER-CVE-2023-34624

References

1. https://github.com/amplafi/htmlcleaner/issues/132. https://www.debian.org/security/2023/dsa-5471

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.