Lucene search

K
redosRedosROS-20231016-04
HistoryOct 16, 2023 - 12:00 a.m.

ROS-20231016-04

2023-10-1600:00:00
redos.red-soft.ru
19
vulnerability
vp8 encoding
libvpx
google chrome
buffer overflow
remote code execution
crafted web page

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

Low

EPSS

0.248

Percentile

96.7%

A vulnerability in the VP8 encoding function of the libvpx library in Google Chrome browser is related to a buffer overflow in dynamic memory.
buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker,
remotely execute arbitrary code when a user opens a specially crafted web page.
web page

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64libvpx<Β 1.8.2-4UNKNOWN

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

Low

EPSS

0.248

Percentile

96.7%