Lucene search

K
redosRedosROS-20240329-06
HistoryMar 29, 2024 - 12:00 a.m.

ROS-20240329-06

2024-03-2900:00:00
redos.red-soft.ru
15
webaudio
navigation
garbage collector
google chrome
microsoft edge
vulnerability
memory usage
arbitrary code execution
remote attacker
specially crafted html page
specially crafted web page

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.002

Percentile

61.0%

The vulnerability in the WebAudio component of Google Chrome and Microsoft Edge browsers is related to memory usage
after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely,
execute arbitrary code using a specially crafted HTML page

A vulnerability in the Navigation component of Google Chrome and Microsoft Edge browsers is related to the use of memory after it has been freed.
memory after it has been freed. Exploitation of the vulnerability could allow a remote attacker,
execute arbitrary code using a specially crafted web page

Vulnerability in the Garbage Collector component of Google Chrome and Microsoft Edge browsers is related to the use of memory after it has been freed.
is related to memory usage after it has been freed. Exploitation of the vulnerability could allow
an attacker acting remotely to execute arbitrary code using a specially crafted web page.
web page

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64chromium< 120.0.6099.224-1UNKNOWN

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.002

Percentile

61.0%