GHSA-qqvq-6xgj-jw8g

Source

https://github.com/advisories/GHSA-qqvq-6xgj-jw8g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-qqvq-6xgj-jw8g/GHSA-qqvq-6xgj-jw8g.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-qqvq-6xgj-jw8g

Aliases

CVE-2023-5217

Published

2023-09-28T18:30:45Z

Modified

2024-02-15T15:02:25Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Electron affected by libvpx's heap buffer overflow in vp8 encoding

Details

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

References

Affected packages

npm / electron

Package

Name: electron; View open source insights on deps.dev
Purl: pkg:npm/electron

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

22.3.25

npm / electron

Package

Name: electron; View open source insights on deps.dev
Purl: pkg:npm/electron

Affected ranges

Type: SEMVER
Events: Introduced

24.0.0

Fixed

24.8.5

npm / electron

Package

Name: electron; View open source insights on deps.dev
Purl: pkg:npm/electron

Affected ranges

Type: SEMVER
Events: Introduced

25.0.0

Fixed

25.8.4

npm / electron

Package

Name: electron; View open source insights on deps.dev
Purl: pkg:npm/electron

Affected ranges

Type: SEMVER
Events: Introduced

26.0.0

Fixed

26.2.4

npm / electron

Package

Name: electron; View open source insights on deps.dev
Purl: pkg:npm/electron

Affected ranges

Type: SEMVER
Events: Introduced

27.0.0-alpha.1

Fixed

27.0.0-beta.8