Lucene search

K

Veracode Vulnerability DatabaseVERACODE:42457

HistoryAug 06, 2023 - 9:50 p.m.

Use After Free

2023-08-0621:50:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

13

chromium

vulnerability

webrtc

connection validation

denial of service

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

66.2%

chromium is vulnerable to Use After Free. The vulnerability exists in lack of validate WebRTC connection over HTTPS, which can result in Denial of Service.

References

bugzilla.mozilla.org/show_bug.cgi?id=1826002

lists.debian.org/debian-lts-announce/2023/07/msg00006.html

lists.debian.org/debian-lts-announce/2023/07/msg00015.html

security-tracker.debian.org/tracker/CVE-2023-37201

www.debian.org/security/2023/dsa-5450

www.debian.org/security/2023/dsa-5451

www.mozilla.org/security/advisories/mfsa2023-22/

www.mozilla.org/security/advisories/mfsa2023-23/

www.mozilla.org/security/advisories/mfsa2023-24/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

66.2%

Related for VERACODE:42457

prion1 redhatcve1 nvd1 debiancve1 ubuntucve1 cvelist1 alpinelinux1 cve1 nessus56 debian4 openvas20 oraclelinux6 osv13 redhat16 kaspersky3 almalinux4 rocky3 mageia1 slackware2 amazon1 mozilla3 ubuntu2 redos2 gentoo1 ibm1