CVE-2023-24038

Published: 21/01/2023 Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The HTML-StripScripts module up to and including 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.

Vulnerable Product

html-stripscripts project html-stripscripts

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #1029400 libhtml-stripscripts-perl: CVE-2023-24038 Package: src:libhtml-stripscripts-perl; Maintainer for src:libhtml-stripscripts-perl is Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 22 Jan 2023 12:27:01 UTC ...
Ikeda Soji reported that libhtml-stripscripts-perl, a Perl module for removing scripts from HTML, is prone to a regular expression denial of service, due to catastrophic backtracking for HTML content with specially crafted style attributes. For the stable distribution (bullseye), this problem has been fixed in version 1.06-1+deb11u1. We recommend t ...