Denial of Service Vulnerability in Tidy 5.7.0: Segmentation Fault in prvTidyTidyMetaCharset Function

Denial of Service Vulnerability in Tidy 5.7.0: Segmentation Fault in prvTidyTidyMetaCharset Function

CVE-2017-17497 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value.

Learn more about our Web Application Penetration Testing UK.