Vulnerability Description
Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWork() in ipfs_redirect_network_delegate_helper.cc.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Brave | Brave | < 1.42.51 |
Related Weaknesses (CWE)
References
- https://github.com/brave/brave-browser/issues/23646ExploitIssue TrackingThird Party Advisory
- https://github.com/brave/brave-browser/issues/24378Issue TrackingRelease NotesThird Party Advisory
- https://github.com/brave/brave-core/commit/7ef8cb2f232abdf59ec9c3c99a086a14b972bPatchThird Party Advisory
- https://github.com/brave/brave-core/pull/13989PatchThird Party Advisory
- https://hackerone.com/reports/1610343Permissions RequiredThird Party Advisory
- https://github.com/brave/brave-browser/issues/23646ExploitIssue TrackingThird Party Advisory
- https://github.com/brave/brave-browser/issues/24378Issue TrackingRelease NotesThird Party Advisory
- https://github.com/brave/brave-core/commit/7ef8cb2f232abdf59ec9c3c99a086a14b972bPatchThird Party Advisory
- https://github.com/brave/brave-core/pull/13989PatchThird Party Advisory
- https://hackerone.com/reports/1610343Permissions RequiredThird Party Advisory
FAQ
What is CVE-2022-47933?
CVE-2022-47933 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in th...
How severe is CVE-2022-47933?
CVE-2022-47933 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-47933?
Check the references section above for vendor advisories and patch information. Affected products include: Brave Brave.