CVE-2023-29199

Risk Scores

Affected Products

Exploit Intelligence

• CIRCL seen: CVE-2023-29199 (circl-sighting)
• CIRCL seen: CVE-2023-29199 (circl-sighting)
• https://github.com/patriksimek/vm2/commit/24c724daa7c09f003e556d7cd1c7a8381cb985d7 (circl)
• https://github.com/patriksimek/vm2/releases/tag/3.9.16 (circl)
• https://github.com/patriksimek/vm2/issues/516 (circl)
• https://github.com/patriksimek/vm2/security/advisories/GHSA-xj72-wvfv-8985 (circl)
• Sandbox Escape in vm2@3.9.15 (osv)
• enclave.advanced-escape.spec.ts (github-poc)
• enclave.advanced-escape.spec.ts (github-poc)
• enclave.advanced-escape.spec.ts (github-poc)

…and 5 more exploits

Timeline

• Apr 12, 2023 CVE Published
• Apr 15, 2023 EPSS Score
• May 23, 2023 EPSS Score
• Jun 29, 2023 EPSS Score
• Sep 12, 2023 EPSS Score
• Nov 27, 2023 EPSS Score
• Feb 5, 2024 EPSS Score
• Feb 10, 2024 EPSS Score
• Apr 20, 2024 EPSS Score
• Jun 2, 2024 EPSS Score
• Aug 16, 2024 EPSS Score
• Sep 23, 2024 EPSS Score

References

• https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1004.json advisory
• https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1004 advisory
• https://access.redhat.com/errata/RHSA-2023:1897 advisory
• https://access.redhat.com/errata/RHSA-2023:1896 advisory
• https://access.redhat.com/errata/RHSA-2023:1894 advisory
• https://access.redhat.com/errata/RHSA-2023:1887 advisory
• https://access.redhat.com/errata/RHSA-2023:1888 advisory
• https://access.redhat.com/errata/RHSA-2023:1893 advisory
• https://github.com/patriksimek/vm2/security/advisories/GHSA-7jxr-cg7f-gpgv advisory
• https://github.com/patriksimek/vm2/security/advisories/GHSA-ch3r-j5x3-6q2m advisory
• https://github.com/patriksimek/vm2/security/advisories/GHSA-mrgp-mrhc-5jrq advisory
• https://github.com/patriksimek/vm2/security/advisories/GHSA-xj72-wvfv-8985 advisory