CVE-2023-5217 – electron
Package
Manager: npm
Name: electron
Vulnerable Version: >=0 <22.3.25 || >=24.0.0 <24.8.5 || >=25.0.0 <25.8.4 || >=26.0.0 <26.2.4 || >=27.0.0-alpha.1 <27.0.0-beta.8
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00999 (percentile: 0.76123)
Details
Electron affected by libvpx's heap buffer overflow in vp8 encoding

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Metadata
Created: 2023-09-28T18:30:45Z
Modified: 2024-02-15T15:02:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-qqvq-6xgj-jw8g/GHSA-qqvq-6xgj-jw8g.json
CWE IDs: ["CWE-787"]
Alternative ID: GHSA-qqvq-6xgj-jw8g
Finding: F111
Auto approve: 1