Vulnerability Description
Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Brave | Brave | < 1.42.51 |
Related Weaknesses (CWE)
References
- https://github.com/brave/brave-browser/issues/24093ExploitIssue TrackingThird Party Advisory
- https://github.com/brave/brave-core/commit/e73309665508c17e48a67e302d3ab02a38d3ePatchThird Party Advisory
- https://github.com/brave/brave-core/pull/14211PatchThird Party Advisory
- https://hackerone.com/reports/1636430Permissions RequiredThird Party Advisory
- https://github.com/brave/brave-browser/issues/24093ExploitIssue TrackingThird Party Advisory
- https://github.com/brave/brave-core/commit/e73309665508c17e48a67e302d3ab02a38d3ePatchThird Party Advisory
- https://github.com/brave/brave-core/pull/14211PatchThird Party Advisory
- https://hackerone.com/reports/1636430Permissions RequiredThird Party Advisory
FAQ
What is CVE-2022-47932?
CVE-2022-47932 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix f...
How severe is CVE-2022-47932?
CVE-2022-47932 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-47932?
Check the references section above for vendor advisories and patch information. Affected products include: Brave Brave.