Lucene search

[email protected]CVE-2022-47932

HistoryDec 24, 2022 - 10:15 p.m.

CVE-2022-47932

2022-12-2422:15:09

[email protected]

web.nvd.nist.gov

brave browser

vulnerability

denial of service

html

ipfs

ipns

incomplete fix

cve-2022-47932

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.7%

JSON

Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933.

Affected configurations

NVD

Node

bravebraveRange<1.42.51

CPENameOperatorVersion
brave:bravebravelt1.42.51

CPE	Name	Operator	Version
brave:brave	brave	lt	1.42.51

References

github.com/brave/brave-browser/issues/24093

github.com/brave/brave-core/commit/e73309665508c17e48a67e302d3ab02a38d3ef50

github.com/brave/brave-core/pull/14211

hackerone.com/reports/1636430

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.7%

JSON

Related for CVE-2022-47932

osv3 prion3 nvd3 cvelist3 cve2