PT-2023-7984 · Google+4 · Google Chrome+4
Clément Lecigne +1 · Published 2023-12-19 · Updated 2024-12-20 · CVE-2023-7024
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 120.0.6099.129
Description
A heap buffer overflow in WebRTC allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. The vulnerability is actively exploited and may cause crashes or code execution. The issue is due to a heap buffer overflow weakness in the open-source WebRTC framework.
Recommendations
For Google Chrome versions prior to 120.0.6099.129, update to version 120.0.6099.129 or later to fix the heap buffer overflow vulnerability in WebRTC. As a temporary workaround, consider disabling WebRTC until a patch is available. Restrict access to WebRTC to minimize the risk of exploitation. Avoid using vulnerable WebRTC functions until the issue is resolved.
Exploit
Fix
Heap Based Buffer Overflow
Memory Corruption
Buffer Overflow
Related identifiers
Affected products
Alt Linux
Astra Linux
Google Chrome
Red Os
Suse