Denial of Service Vulnerability in Tidy 5.5.31: IsURLCodePoint Function in attrs.c

Denial of Service Vulnerability in Tidy 5.5.31: IsURLCodePoint Function in attrs.c

CVE-2017-13692 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument.

Learn more about our Web Application Penetration Testing UK.