CVE-2023-51080

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 27, 2023
Updated: Jan 4, 2024
CWE ID 787

Summary

CVE-2023-51080 is a newly disclosed vulnerability affecting the NumberUtil.toBigDecimal method in hutool-core version 5.8.23. This issue results in a stack overflow, potentially allowing an attacker to execute a denial-of-service (DoS) attack by providing specially crafted input to manipulate the function's stack frame, leading to excessive memory consumption and service unavailability. This vulnerability can impact applications that rely on the hutool-core library for BigDecimal conversions and should be addressed promptly by updating to a patched version.
