Vulnerability-Lookup

CVE-2023-4572 (GCVE-0-2023-4572)

Vulnerability from cvelistv5 – Published: 2023-08-29 19:48 – Updated: 2025-02-13 17:14

Summary

Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity

No CVSS data available.

CWE

Use after free

Assigner

Chrome

References

7 references

URL	Tags
https://chromereleases.googleblog.com/2023/08/sta…
https://crbug.com/1472492
https://www.debian.org/security/2023/dsa-5487
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://security.gentoo.org/glsa/202401-34

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 116.0.5845.140 , < 116.0.5845.140 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:31:06.541Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://crbug.com/1472492"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-34"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "116.0.5845.140",
              "status": "affected",
              "version": "116.0.5845.140",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use after free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T17:11:09.166Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html"
        },
        {
          "url": "https://crbug.com/1472492"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5487"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202401-34"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2023-4572",
    "datePublished": "2023-08-29T19:48:55.614Z",
    "dateReserved": "2023-08-28T21:24:59.128Z",
    "dateUpdated": "2025-02-13T17:14:08.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-4572",
      "date": "2026-05-30",
      "epss": "0.00317",
      "percentile": "0.55076"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-4572\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2023-08-29T20:15:10.480\",\"lastModified\":\"2024-11-21T08:35:27.320\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\"},{\"lang\":\"es\",\"value\":\"El uso gratuito en MediaStream en Google Chrome anterior a 116.0.5845.140 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"116.0.5845.140\",\"matchCriteriaId\":\"B1D255C4-A2B7-45A5-9917-8FD2B8304CE0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1472492\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-34\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5487\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1472492\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-34\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

WID-SEC-W-2023-2215

Vulnerability from csaf_certbund - Published: 2023-08-29 22:00 - Updated: 2024-01-31 23:00

Summary

Google Chrome / Microsoft Edge: Schwachstelle ermöglicht Codeausführung

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Chrome ist ein Internet-Browser von Google. Edge ist ein Internet-Browser von Microsoft

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Google Chrome / Microsoft Edge ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme: - Linux - MacOS X - Windows

CVE-2023-4572

Es besteht eine Schwachstelle in Google Chrome / Microsoft Edge. Dieser Fehler besteht in der MediaStream-Komponente aufgrund eines Use-after-free, das über eine manipulierte HTML-Seite zu einer Heap Corruption führt. Ein entfernter Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.

Affected products

Known affected 3 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

References

27 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
http://chromereleases.googleblog.com/2023/08/stab…	external
https://lists.debian.org/debian-security-announce…	external
https://learn.microsoft.com/en-us/deployedge/micr…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://security.gentoo.org/glsa/202401-34	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Chrome ist ein Internet-Browser von Google.\r\nEdge ist ein Internet-Browser von Microsoft",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Google Chrome / Microsoft Edge ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2215 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2215.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2215 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2215"
      },
      {
        "category": "external",
        "summary": "Google Chrome Security Releases vom 2023-08-29",
        "url": "http://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5487 vom 2023-08-31",
        "url": "https://lists.debian.org/debian-security-announce/2023/msg00179.html"
      },
      {
        "category": "external",
        "summary": "Release notes for Microsoft Edge Security Updates vom 2023-08-31",
        "url": "https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-4CC86ADBD2 vom 2023-09-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-4cc86adbd2"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-1E441F3098 vom 2023-09-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-1e441f3098"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-D79FF22C5B vom 2023-09-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d79ff22c5b"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-E9CE7BF135 vom 2023-09-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-e9ce7bf135"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-EB44EFC398 vom 2023-09-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-eb44efc398"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-3EFEAEE7E4 vom 2023-09-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-3efeaee7e4"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-9A6FD7A504 vom 2023-09-13",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9a6fd7a504"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-509640A8A6 vom 2023-09-13",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-509640a8a6"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-C66924CB92 vom 2023-09-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c66924cb92"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-3BFB63F6D2 vom 2023-09-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3bfb63f6d2"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-D58A84DDA8 vom 2023-09-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d58a84dda8"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-54433BC31F vom 2023-09-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-54433bc31f"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-EA08732E6A vom 2023-09-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ea08732e6a"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-B427F54E68 vom 2023-09-18",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-b427f54e68"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-79B0154754 vom 2023-09-18",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-79b0154754"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-05DC047BF8 vom 2023-09-18",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-05dc047bf8"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-9ABC3565B5 vom 2023-09-24",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9abc3565b5"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-09CC239FE3 vom 2023-09-24",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-09cc239fe3"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-981E9F53FF vom 2023-09-24",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-981e9f53ff"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-CCA1F87440 vom 2023-09-30",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-cca1f87440"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-EDC9C74369 vom 2023-09-30",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-edc9c74369"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202401-34 vom 2024-01-31",
        "url": "https://security.gentoo.org/glsa/202401-34"
      }
    ],
    "source_lang": "en-US",
    "title": "Google Chrome / Microsoft Edge: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2024-01-31T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:57:50.067+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2215",
      "initial_release_date": "2023-08-29T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-08-29T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-08-31T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2023-09-10T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2023-09-13T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2023-09-17T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2023-09-18T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2023-09-24T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2023-10-01T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2024-01-31T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Gentoo aufgenommen"
        }
      ],
      "status": "final",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Google Chrome \u003c 116.0.5845.140",
                "product": {
                  "name": "Google Chrome \u003c 116.0.5845.140",
                  "product_id": "T029600",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:chrome:116.0.5845.140"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Google Chrome \u003c 116.0.5845.141",
                "product": {
                  "name": "Google Chrome \u003c 116.0.5845.141",
                  "product_id": "T029601",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:chrome:116.0.5845.141"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Chrome"
          }
        ],
        "category": "vendor",
        "name": "Google"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Microsoft Edge \u003c 116.0.1938.69",
            "product": {
              "name": "Microsoft Edge \u003c 116.0.1938.69",
              "product_id": "T029672",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:edge:116.0.1938.69"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-4572",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Google Chrome / Microsoft Edge. Dieser Fehler besteht in der MediaStream-Komponente aufgrund eines Use-after-free, das \u00fcber eine manipulierte HTML-Seite zu einer Heap Corruption f\u00fchrt. Ein entfernter Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-08-29T22:00:00.000+00:00",
      "title": "CVE-2023-4572"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-4572 (GCVE-0-2023-4572)

WID-SEC-W-2023-2215

Tags

Sightings

Nomenclature