Lucene search

[email protected]NVD:CVE-2022-47933

HistoryDec 24, 2022 - 10:15 p.m.

CVE-2022-47933

2022-12-2422:15:09

CWE-755

[email protected]

web.nvd.nist.gov

brave browser

dos

html file

ipfs scheme

ipfsredirectwork

vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

61.7%

JSON

Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWork() in ipfs_redirect_network_delegate_helper.cc.

Affected configurations

NVD

Node

bravebraveRange<1.42.51

References

github.com/brave/brave-browser/issues/23646

github.com/brave/brave-browser/issues/24378

github.com/brave/brave-core/commit/7ef8cb2f232abdf59ec9c3c99a086a14b972bc56

github.com/brave/brave-core/pull/13989

hackerone.com/reports/1610343

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

61.7%

JSON

Related for NVD:CVE-2022-47933

osv2 cve2 cvelist2 prion2 nvd1