Lucene search

[email protected]NVD:CVE-2023-3217

HistoryJun 13, 2023 - 6:15 p.m.

CVE-2023-3217

2023-06-1318:15:22

CWE-416

[email protected]

web.nvd.nist.gov

cve-2023-3217

webxr

google chrome

heap corruption

crafted html page

chromium

high severity

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

71.5%

JSON

Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected configurations

NVD

Node

googlechromeRange<114.0.5735.133

Node

debiandebian_linuxMatch11.0

debiandebian_linuxMatch12.0

fedoraprojectfedoraMatch38

References

packetstormsecurity.com/files/173495/Chrome-device-OpenXrApiWrapper-InitSession-Heap-Use-After-Free.html

chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html

crbug.com/1450601

lists.fedoraproject.org/archives/list/[email protected]/message/JEH75UOM7FAXDUPC37YHP7ONL2HSDIJR/

lists.fedoraproject.org/archives/list/[email protected]/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/

security.gentoo.org/glsa/202311-11

security.gentoo.org/glsa/202401-34

www.debian.org/security/2023/dsa-5428

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

71.5%

JSON

Related for NVD:CVE-2023-3217

veracode1 osv2 ubuntucve1 cvelist1 mscve1 prion1 cve1 debiancve1 kaspersky2 openvas7 freebsd1 nessus10 chrome1 fedora2 debian1 gentoo2