Lucene search

GoogleOSV:CVE-2024-4771

HistoryMay 14, 2024 - 6:15 p.m.

CVE-2024-4771

2024-05-1418:15:00

Google

osv.dev

memory allocation

use-after-free

code execution

firefox

vulnerability

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score

6.6

Confidence

Low

JSON

A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 126.

References

bugzilla.mozilla.org/show_bug.cgi?id=1893891

ubuntu.com/security/CVE-2024-4771

ubuntu.com/security/notices/USN-6779-1

www.cve.org/CVERecord?id=CVE-2024-4771

www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4771

www.mozilla.org/security/advisories/mfsa2024-21/

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score

6.6

Confidence

Low

JSON

Related for OSV:CVE-2024-4771