Aller au contenu
Appaloosa Scout
HIGH 8.8 KEV

CVE-2023-5217

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA Known Exploited Vulnerability

Ajouté au KEV
2023-10-02
Deadline remédiation
2023-10-23
Action requise
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Ransomware
Non

Apps mobiles affectées

Firefox : Navigateur privé
Android
org.mozilla.firefox
1 CVE 1 KEV
Firefox: Navigateur Internet
iOS
org.mozilla.ios.Firefox
1 CVE 1 KEV
Google Chrome
Android
com.android.chrome
1 CVE 1 KEV
Google Chrome
iOS
com.google.chrome.ios
1 CVE 1 KEV
Microsoft Edge
iOS
com.microsoft.msedge
1 CVE 1 KEV
Microsoft Edge: navigateur IA
Android
com.microsoft.emmx
1 CVE 1 KEV

Configurations CPE vulnérables

Vendor Produit Plateforme Versions CPE 2.3 URI
microsoft edge Android cpe:2.3:a:microsoft:edge:116.0.1938.98:*:*:*:*:*:*:*
microsoft edge iOS cpe:2.3:a:microsoft:edge:116.0.1938.98:*:*:*:*:*:*:*
microsoft edge Android cpe:2.3:a:microsoft:edge:117.0.2045.47:*:*:*:*:*:*:*
microsoft edge iOS cpe:2.3:a:microsoft:edge:117.0.2045.47:*:*:*:*:*:*:*
mozilla firefox Android <115.3.1 cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
mozilla firefox iOS <115.3.1 cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
mozilla firefox Android <118.0.1 cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
mozilla firefox iOS <118.0.1 cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
mozilla firefox Android <118.1 cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*
google chrome Android <117.0.5938.132 cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
google chrome iOS <117.0.5938.132 cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Voir sur NVD ↗ Catalogue CISA KEV ↗