Lucene search

[email protected]CVE-2023-2135

HistoryApr 19, 2023 - 4:15 a.m.

CVE-2023-2135

2023-04-1904:15:31

CWE-416

[email protected]

web.nvd.nist.gov

cve-2023-2135

use after free

devtools

google chrome

remote attacker

heap corruption

crafted html page

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.003

Percentile

69.5%

JSON

Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected configurations

NVD

Node

googlechromeRange<112.0.5615.137

Node

debiandebian_linuxMatch11.0

Node

fedoraprojectfedoraMatch36

fedoraprojectfedoraMatch37

fedoraprojectfedoraMatch38

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Chrome",
    "versions": [
      {
        "version": "112.0.5615.137",
        "status": "affected",
        "lessThan": "112.0.5615.137",
        "versionType": "custom"
      }
    ]
  }
]