[CISA-2023:1002] CISA Adds One Known Exploited Vulnerability to Catalog
Severity
High
CVEs
1
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
[CVE-2023-5217] Google Chromium libvpx Heap Buffer Overflow Vulnerability
Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.
- Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Google
- Product: Chromium libvpx
- Due Date: Mon Oct 23 00:00:00 2023
- Notes: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html; https://nvd.nist.gov/vuln/detail/CVE-2023-5217
- ID
- CISA-2023:1002
- Severity
- high
- Severity from
- CVE-2023-5217
- URL
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Published
-
2023-10-02T00:00:00
(11 months ago) - Modified
-
2023-10-02T00:00:00
(11 months ago) - Other Advisories
-
- ALPINE:CVE-2023-5217
- ALSA-2023:5434
- ALSA-2023:5435
- ALSA-2023:5537
- ALSA-2023:5539
- DSA-5508-1
- DSA-5509-1
- DSA-5510-1
- DSA-5513-1
- ELSA-2023-5428
- ELSA-2023-5433
- ELSA-2023-5434
- ELSA-2023-5435
- ELSA-2023-5475
- ELSA-2023-5477
- ELSA-2023-5537
- ELSA-2023-5539
- FEDORA-2023-0cd03c3746
- FEDORA-2023-10ff82e497
- FEDORA-2023-bbb8d72c6f
- FEDORA-2023-c890266d3f
- FEDORA-2023-c896cf87db
- FEDORA-2023-d66a01ad4f
- FEDORA-2023-f696934fbf
- FREEBSD:2BCD6BA4-D8E2-42E5-9033-B50B722821FB
- FREEBSD:6D9C6AAE-5EB1-11EE-8290-A8A1599412C6
- GLSA-202310-04
- GLSA-202401-34
- MFSA-2023-44
- MS:CVE-2023-5217
- NPM:GHSA-QQVQ-6XGJ-JW8G
- openSUSE-SU-2023:0277-1
- openSUSE-SU-2023:0297-1
- openSUSE-SU-2023:0298-1
- openSUSE-SU-2023:0365-1
- openSUSE-SU-2023:0366-1
- RHSA-2023:5428
- RHSA-2023:5433
- RHSA-2023:5434
- RHSA-2023:5435
- RHSA-2023:5475
- RHSA-2023:5477
- RHSA-2023:5537
- RHSA-2023:5539
- RLSA-2023:5428
- RLSA-2023:5435
- SSA:2023-271-01
- SSA:2023-273-01
- SSA:2023-273-02
- SUSE-SU-2023:3940-1
- SUSE-SU-2023:3941-1
- SUSE-SU-2023:3946-1
- SUSE-SU-2023:3948-1
- SUSE-SU-2023:3949-1
- SUSE-SU-2023:3950-1
- SUSE-SU-2023:4016-1
- USN-6403-1
- USN-6403-2
- USN-6403-3
- USN-6404-1
- USN-6405-1
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |