Lucene search

K

Redhat.comRH:CVE-2023-4049

HistoryAug 02, 2023 - 8:28 a.m.

CVE-2023-4049

2023-08-0208:28:20

redhat.com

access.redhat.com

12

race conditions

reference counting

use-after-free

vulnerabilities

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

50.6%

The Mozilla Foundation Security Advisory describes this flaw as: Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities.

References

bugzilla.redhat.com/show_bug.cgi?id=2228364

nvd.nist.gov/vuln/detail/CVE-2023-4049

www.cve.org/CVERecord?id=CVE-2023-4049

www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4049

www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4049

www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4049

www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4049

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

50.6%

Related for RH:CVE-2023-4049