Lucene search

K
cve[email protected]CVE-2023-5217
HistorySep 28, 2023 - 4:15 p.m.

CVE-2023-5217

2023-09-2816:15:10
CWE-787
web.nvd.nist.gov
689
In Wild
62
cve-2023-5217
libvpx
google chrome
heap buffer overflow
encoding
nvd
vulnerability
exploit
security

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.245 Low

EPSS

Percentile

96.7%

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected configurations

Vulners
NVD
Node
googlechromeRange<117.0.5938.132
OR
googlegoogle_appsRange<1.13.1

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Chrome",
    "versions": [
      {
        "version": "117.0.5938.132",
        "status": "affected",
        "lessThan": "117.0.5938.132",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Google",
    "product": "libvpx",
    "versions": [
      {
        "version": "1.13.1",
        "status": "affected",
        "lessThan": "1.13.1",
        "versionType": "custom"
      }
    ]
  }
]

References

Social References

More

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.245 Low

EPSS

Percentile

96.7%