Vulnerability Description
Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Brave | Brave | < 1.43.88 |
Related Weaknesses (CWE)
References
- https://github.com/brave/brave-browser/issues/24211 (Exploit, Issue Tracking, Third Party Advisory)
- https://github.com/brave/brave-browser/issues/25106 (Issue Tracking, Release Notes, Third Party Advisory)
- https://github.com/brave/brave-core/commit/82d8e39043e691e0492519126437275511ee8 (Patch, Third Party Advisory)
- https://github.com/brave/brave-core/pull/14313 (Patch, Third Party Advisory)
- https://hackerone.com/reports/1646204 (Permissions Required, Third Party Advisory)
FAQ
What is CVE-2022-47934?
CVE-2022-47934 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an i...
How severe is CVE-2022-47934?
CVE-2022-47934 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-47934?
Check the references section above for vendor advisories and patch information. Affected products include: Brave Brave.