CVE-2023-4572
PUBLISHED
A vulnerability exists in Google Chrome / Microsoft Edge. The flaw is in the MediaStream component and is caused by a use-after-free that leads to heap corruption via a crafted HTML page. A remote attacker can exploit this vulnerability to execute arbitrary code. Successful exploitation requires user interaction.
Risk Scores
EPSS Score
0.32%
55.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedora | Fedora Linux | |
| Gentoo | Gentoo Linux | |
| Debian | Debian Linux | |
Exploit Intelligence
- CIRCL seen: CVE-2023-4572 (circl-sighting)
- https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html (circl)
- https://crbug.com/1472492 (circl)
- https://www.debian.org/security/2023/dsa-5487 (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/ (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/ (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/ (circl)
- https://security.gentoo.org/glsa/202401-34 (circl)
Timeline
- Aug 29, 2023 CVE Published
- Aug 30, 2023 EPSS Score
- Aug 30, 2023 PoC Published
- Oct 2, 2023 EPSS Score
- Dec 7, 2023 EPSS Score
- Jan 8, 2024 EPSS Score
- Feb 10, 2024 EPSS Score
- Apr 16, 2024 EPSS Score
- May 19, 2024 EPSS Score
- Jun 21, 2024 EPSS Score
- Aug 25, 2024 EPSS Score
- Sep 27, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2215.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2215 advisory
- http://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html advisory
- https://lists.debian.org/debian-security-announce/2023/msg00179.html advisory
- https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-4cc86adbd2 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-1e441f3098 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-d79ff22c5b advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-e9ce7bf135 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-eb44efc398 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-3efeaee7e4 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9a6fd7a504 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-509640a8a6 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c66924cb92 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-3bfb63f6d2 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-d58a84dda8 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-54433bc31f advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ea08732e6a advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-b427f54e68 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-79b0154754 advisory
…and 7 more