CVE-2023-51075

hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.
References
Link Resource
https://github.com/dromara/hutool/issues/3421 Exploit Issue Tracking Third Party Advisory
https://github.com/dromara/hutool/issues/3421 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:hutool:hutool:5.8.23:*:*:*:*:*:*:*

History

21 Nov 2024, 08:37

Type Values Removed Values Added
References () https://github.com/dromara/hutool/issues/3421 - Exploit, Issue Tracking, Third Party Advisory () https://github.com/dromara/hutool/issues/3421 - Exploit, Issue Tracking, Third Party Advisory

09 Jan 2024, 15:23

Type Values Removed Values Added
CWE CWE-835
References () https://github.com/dromara/hutool/issues/3421 - () https://github.com/dromara/hutool/issues/3421 - Exploit, Issue Tracking, Third Party Advisory
First Time Hutool hutool
Hutool
CPE cpe:2.3:a:hutool:hutool:5.8.23:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

27 Dec 2023, 21:37

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-27 21:15

Updated : 2024-11-21 08:37


NVD link : CVE-2023-51075

Mitre link : CVE-2023-51075

CVE.ORG link : CVE-2023-51075


JSON object : View

Products Affected

hutool

  • hutool
CWE
CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')