Lucene search

MitreCVE-2022-47933

HistoryDec 24, 2022 - 10:15 p.m.

CVE-2022-47933

2022-12-2422:15:09

CWE-755

mitre

web.nvd.nist.gov

brave browser

cve-2022-47933

denial of service

ipfs scheme

security vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.004

Percentile

74.4%

JSON

Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWork() in ipfs_redirect_network_delegate_helper.cc.

Affected configurations

Nvd

Node

bravebraveRange<1.42.51

VendorProductVersionCPE
bravebrave*cpe:2.3:a:brave:brave:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
brave	brave	*	cpe:2.3:a:brave:brave::::::::

References

github.com/brave/brave-browser/issues/23646

github.com/brave/brave-browser/issues/24378

github.com/brave/brave-core/commit/7ef8cb2f232abdf59ec9c3c99a086a14b972bc56

github.com/brave/brave-core/pull/13989

hackerone.com/reports/1610343

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.004

Percentile

74.4%

JSON

Related for CVE-2022-47933