PT-2023-4746 · Google+5 · Angle+7

Dohyun Lee

Publicado

2023-08-29

Atualizado

2025-03-14

CVE-2023-4582

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 117 Firefox ESR versions prior to 115.2 Thunderbird versions prior to 115.2

Description The issue is related to a buffer overflow in the handling of private shader memory on macOS, specifically due to lenient allocation checks in Angle for glsl shaders. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is known to affect Firefox on macOS, while other operating systems are unaffected.

Recommendations For Firefox versions prior to 117, update to version 117 or later to resolve the issue. For Firefox ESR versions prior to 115.2, update to version 115.2 or later to resolve the issue. For Thunderbird versions prior to 115.2, update to version 115.2 or later to resolve the issue.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-120

Identificadores relacionados

ALT-PU-2023-5213

ALT-PU-2023-5754

ALT-PU-2023-5836

ALT-PU-2023-6436

ALT-PU-2024-14035

ALT-PU-2024-3614

ALT-PU-2024-3860

ALT-PU-2024-4241

ALT-PU-2024-4748

BDU:2023-05180

CVE-2023-4582

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2023_3519-1

OPENSUSE-SU-2023_3664-1

OPENSUSE-SU-2024:13176-1

OPENSUSE-SU-2024:13197-1

OPENSUSE-SU-2024:13202-1

OPENSUSE-SU-2024:14572-1

ROSA-SA-2024-2371

SUSE-SU-2023:3519-1

SUSE-SU-2023:3559-1

SUSE-SU-2023:3562-1

SUSE-SU-2023:3664-1

Produtos afetados

Alt Linux

Angle

Astra Linux

Firefox

Firefox Esr

Red Os

Suse

Thunderbird

PT-2023-4746 · Google+5 · Angle+7

CVE-2023-4582

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2091