PT-2022-6191 · Mozilla+10 · Firefox+10

Bwc

·

Published

2022-12-13

·

Updated

2024-12-12

·

CVE-2022-46871

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 108
Description The issue is related to an out-of-date library, libusrsctp, which contains vulnerabilities that could be exploited. This library is used by the Mozilla Firefox browser and is associated with a buffer overflow in memory. Exploitation of this issue may allow a remote attacker to use the vulnerable library and launch an attack on a device.
Recommendations For Firefox versions prior to 108, update to version 108 or later to resolve the issue. As a temporary workaround, consider restricting the use of the libusrsctp library until a patch is available.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-357CWE-1104CWE-119

Related Identifiers

ALSA-2023:0285
ALSA-2023:0288
ALSA-2023:0463
ALSA-2023:0476
ALT-PU-2022-3356
ALT-PU-2023-1043
ALT-PU-2023-1119
ALT-PU-2023-1140
ALT-PU-2023-1193
ALT-PU-2023-1243
ALT-PU-2023-1315
ALT-PU-2023-1758
ALT-PU-2023-4335
ALT-PU-2023-4365
ALT-PU-2023-5754
ALT-PU-2024-3614
BDU:2023-00384
BDU:2023-00385
CESA-2023_0288
CESA-2023_0296
CESA-2023_0456
CESA-2023_0463
CVE-2022-46871
DLA-3275-1
DLA-3324-1
DSA-5322-1
DSA-5355-1
MGASA-2023-0018
MGASA-2023-0034
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2023_0113-1
OPENSUSE-SU-2023_0329-1
OPENSUSE-SU-2024:12577-1
OPENSUSE-SU-2024:12627-1
OPENSUSE-SU-2024:12652-1
OPENSUSE-SU-2024:14572-1
RHSA-2023:0285
RHSA-2023:0286
RHSA-2023:0288
RHSA-2023:0289
RHSA-2023:0290
RHSA-2023:0294
RHSA-2023:0295
RHSA-2023:0296
RHSA-2023:0456
RHSA-2023:0457
RHSA-2023:0459
RHSA-2023:0460
RHSA-2023:0461
RHSA-2023:0462
RHSA-2023:0463
RHSA-2023:0476
RHSA-2023_0285
RHSA-2023_0288
RHSA-2023_0296
RHSA-2023_0456
RHSA-2023_0463
RHSA-2023_0476
RLSA-2023:0285
RLSA-2023:0288
RLSA-2023:0463
RLSA-2023:0476
SUSE-SU-2023:0111-1
SUSE-SU-2023:0112-1
SUSE-SU-2023:0113-1
SUSE-SU-2023:0329-1
SUSE-SU-2023_0111-1
SUSE-SU-2023_0112-1
SUSE-SU-2023_0113-1
SUSE-SU-2023_0329-1
USN-5782-1
USN-5782-2
USN-5782-3
USN-5824-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu