CISA KEV 정보
| 취약점명 | Google Chromium libvpx Heap Buffer Overflow Vulnerability |
|---|---|
| 설명 | Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome. |
| 조치사항 | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-787 |
| 등록일 (KEV) | 2023-10-02 |
| 조치 기한 | 2023-10-23 |
| 추가 참고 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html; https://nvd.nist.gov/vuln/detail/CVE-2023-5217 |
NVD 상세 정보
CVSS v3.1: 8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H설명: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE: CWE-787 | CWE-787
참조
- http://seclists.org/fulldisclosure/2023/Oct/12 [Mailing List, Third Party Advisory]
- http://seclists.org/fulldisclosure/2023/Oct/16 [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2023/09/28/5 [Mailing List, Patch, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2023/09/28/6 [Mailing List, Patch, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2023/09/29/1 [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2023/09/29/11 [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2023/09/29/12 [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2023/09/29/14 [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2023/09/29/2 [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2023/09/29/7 [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2023/09/29/9 [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2023/09/30/1 [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2023/09/30/2 [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2023/09/30/3 [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2023/09/30/4 [Mailing List, Third Party Advisory]
- ... 외 90건
This product uses the NVD API but is not endorsed or certified by the NVD.