Lucene search

GoogleOSV:CVE-2023-5217

HistorySep 28, 2023 - 4:15 p.m.

CVE-2023-5217

2023-09-2816:15:10

Google

osv.dev

heap buffer overflow

libvpx

google chrome

exploit

security severity

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.245 Low

EPSS

Percentile

96.7%

JSON

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CPENameOperatorVersion
firefox-esreq115.9.1esr-1~deb12u1
firefox-esreq115.10.0esr-1~deb10u1
chromiumeq120.0.6099.216-1
chromiumeq100.0.4896.60-1
chromiumeq97.0.4692.99-1~deb11u2
chromiumeq114.0.5735.133-1
chromiumeq84.0.4147.105-1
chromiumeq112.0.5615.49-2
chromiumeq103.0.5060.134-1~deb11u1
thunderbirdeq1:102.13.1-1~deb11u1

Name	Operator	Version
firefox-esr	eq	115.9.1esr-1~deb12u1
firefox-esr	eq	115.10.0esr-1~deb10u1
chromium	eq	120.0.6099.216-1
chromium	eq	100.0.4896.60-1
chromium	eq	97.0.4692.99-1~deb11u2
chromium	eq	114.0.5735.133-1
chromium	eq	84.0.4147.105-1
chromium	eq	112.0.5615.49-2
chromium	eq	103.0.5060.134-1~deb11u1
thunderbird	eq	1:102.13.1-1~deb11u1

Rows per page:

1-10 of 4351

References

seclists.org/fulldisclosure/2023/Oct/12

seclists.org/fulldisclosure/2023/Oct/16

www.openwall.com/lists/oss-security/2023/09/28/5

www.openwall.com/lists/oss-security/2023/09/28/6

www.openwall.com/lists/oss-security/2023/09/29/1

www.openwall.com/lists/oss-security/2023/09/29/11

www.openwall.com/lists/oss-security/2023/09/29/12

www.openwall.com/lists/oss-security/2023/09/29/14

www.openwall.com/lists/oss-security/2023/09/29/2

www.openwall.com/lists/oss-security/2023/09/29/7

www.openwall.com/lists/oss-security/2023/09/29/9

www.openwall.com/lists/oss-security/2023/09/30/1

www.openwall.com/lists/oss-security/2023/09/30/2

www.openwall.com/lists/oss-security/2023/09/30/3

www.openwall.com/lists/oss-security/2023/09/30/4

www.openwall.com/lists/oss-security/2023/09/30/5

www.openwall.com/lists/oss-security/2023/10/01/1

www.openwall.com/lists/oss-security/2023/10/01/2

www.openwall.com/lists/oss-security/2023/10/01/5

www.openwall.com/lists/oss-security/2023/10/02/6

www.openwall.com/lists/oss-security/2023/10/03/11

arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/

bugzilla.redhat.com/show_bug.cgi?id=2241191

chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html

crbug.com/1486441

github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590

github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282

github.com/webmproject/libvpx/releases/tag/v1.13.1

github.com/webmproject/libvpx/tags

lists.debian.org/debian-lts-announce/2023/09/msg00038.html

lists.debian.org/debian-lts-announce/2023/10/msg00001.html

lists.debian.org/debian-lts-announce/2023/10/msg00015.html

lists.fedoraproject.org/archives/list/[email protected]/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/

lists.fedoraproject.org/archives/list/[email protected]/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/

lists.fedoraproject.org/archives/list/[email protected]/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/

lists.fedoraproject.org/archives/list/[email protected]/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/

lists.fedoraproject.org/archives/list/[email protected]/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/

lists.fedoraproject.org/archives/list/[email protected]/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/

lists.fedoraproject.org/archives/list/[email protected]/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/

pastebin.com/TdkC4pDv

security-tracker.debian.org/tracker/CVE-2023-5217

security.gentoo.org/glsa/202310-04

security.gentoo.org/glsa/202401-34

stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/

support.apple.com/kb/HT213961

support.apple.com/kb/HT213972

twitter.com/maddiestone/status/1707163313711497266

www.debian.org/security/2023/dsa-5508

www.debian.org/security/2023/dsa-5509

www.debian.org/security/2023/dsa-5510

www.mozilla.org/en-US/security/advisories/mfsa2023-44/

www.openwall.com/lists/oss-security/2023/09/28/5

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.245 Low

EPSS

Percentile

96.7%

JSON

CVE-2023-5217

References

Related