CVE-2023-5217 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2023-5217?

CVE-2023-5217 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-5217?

Check the references section above for vendor advisories and patch information. Affected products include: Webmproject Libvpx, Microsoft Edge, Microsoft Edge Chromium, Mozilla Firefox, Mozilla Thunderbird.

Vulnerability Description

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Webmproject	Libvpx	< 1.13.1
Microsoft	Edge	116.0.1938.98
Microsoft	Edge Chromium	116.0.5845.229
Mozilla	Firefox	< 115.3.1
Mozilla	Thunderbird	< 115.3.1
Fedoraproject	Fedora	37
Debian	Debian Linux	10.0
Apple	Ipados	>= 17.0, < 17.0.3
Apple	Iphone Os	>= 17.0, < 17.0.3
Google	Chrome	< 117.0.5938.132
Redhat	Enterprise Linux	9.0

Related Weaknesses (CWE)

CWE-787

References

http://seclists.org/fulldisclosure/2023/Oct/12Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/16Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/28/5Mailing ListPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/28/6Mailing ListPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/29/1Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/29/11Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/29/12Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/29/14Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/29/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/29/7Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/29/9Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/30/1Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/30/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/30/3Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/30/4Mailing ListThird Party Advisory

FAQ

What is CVE-2023-5217?

CVE-2023-5217 is a vulnerability with a CVSS score of 8.8 (HIGH). Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chr...

How severe is CVE-2023-5217?

CVE-2023-5217 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-5217?

Check the references section above for vendor advisories and patch information. Affected products include: Webmproject Libvpx, Microsoft Edge, Microsoft Edge Chromium, Mozilla Firefox, Mozilla Thunderbird.