CVE-2023-5217 Report - Details, Severity, & Advisories

Twingate Team

May 13, 2024

A high-severity vulnerability, identified as CVE-2023-5217, has been discovered in VP8 encoding in libvpx, affecting Google Chrome versions prior to 117.0.5938.132 and libvpx 1.13.1. This heap buffer overflow could allow a remote attacker to trigger heap corruption via a crafted HTML page. Various systems, including certain iPhone and iPad models, as well as the Mozilla Firefox and Microsoft Edge browsers, are also impacted by this vulnerability.

How do I know if I'm affected?

If you're using Google Chrome, Mozilla Firefox, Microsoft Edge, or certain iPhone and iPad models, you might be affected by the CVE-2023-5217 vulnerability. Specifically, impacted versions include Google Chrome up to 117.0.5938.132, libvpx up to 1.13.1, Firefox up to 118.0.1, Firefox for Android up to 118.1, Firefox ESR up to 115.3.1, Firefox Focus for Android up to 118.1, Microsoft Edge 116.0.1938.98 and 117.0.2045.47, Edge Chromium 116.0.5845.229 and 117.0.5938.132, and Apple devices running iOS 16.7, 17.0 to 17.0.2, and iPadOS 16.7, 17.0 to 17.0.2.

What should I do if I'm affected?

If you're affected by this vulnerability, it's crucial to update your software. For browsers like Chrome, Firefox, and Edge, simply update to the latest version. For Apple devices, go to Settings, then General, and select Software Update to install the latest iOS or iPadOS version. By keeping your software up to date, you'll reduce the risk of exploitation.
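The two sections above give fixed release numbers per product; in practice the question "am I affected?" is answered by comparing an inventory of installed versions against those numbers. The script below is an added example, not code from the Twingate report or from any of the vendors named in it. It takes the fixed releases stated in the report for Chrome, libvpx, Firefox, Firefox ESR and Firefox for Android, and treats any build whose dotted version sorts strictly below the fixed release as affected (that reading of "prior to" is an assumption). The inventory lines and host names are constructed sample data.

```python
"""Flag installed builds that are below the CVE-2023-5217 fixed releases.

Added example; not part of the original report. Assumption: a build is
affected when its version is strictly lower than the first fixed release
for that product. Edge and iOS are omitted because the report lists
specific patched builds for them rather than a single threshold.
"""

import re
from typing import Dict, List, Tuple

# First fixed release per product, as stated in the report.
FIXED_VERSIONS: Dict[str, str] = {
    "chrome": "117.0.5938.132",
    "libvpx": "1.13.1",
    "firefox": "118.0.1",
    "firefox-esr": "115.3.1",
    "firefox-android": "118.1",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted version string into a tuple of ints.

    Each component keeps only its leading digits, so a trailing build tag
    such as '1.13.1-rc1' is read as (1, 13, 1). Parsing stops at the first
    component that has no leading digits.
    """
    nums = []
    for comp in text.split("."):
        m = re.match(r"\d+", comp)
        if not m:
            break
        nums.append(int(m.group()))
    if not nums:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(nums)


def is_affected(product: str, installed: str) -> bool:
    """True when the installed version sorts below the fixed release.

    Versions are zero-padded to the same length so '118.1' and '118.1.0'
    compare equal instead of '118.1' being treated as older.
    """
    fixed = FIXED_VERSIONS[product.lower()]
    a, b = parse_version(installed), parse_version(fixed)
    n = max(len(a), len(b))
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return a < b


def triage_inventory(lines: List[str]) -> List[Tuple[str, str, str, bool]]:
    """Parse 'host product version' lines and mark each as affected or not.

    Blank lines and '#' comments are skipped; unknown products raise KeyError
    so a typo in the inventory is not silently reported as 'ok'.
    """
    results = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, product, version = line.split()
        results.append((host, product, version, is_affected(product, version)))
    return results


# Constructed sample inventory; host names and versions are made up.
SAMPLE_INVENTORY = [
    "# host product version",
    "ws-01 chrome 117.0.5938.92",
    "ws-02 chrome 117.0.5938.132",
    "build-07 libvpx 1.13.0",
    "build-08 libvpx 1.13.1",
    "ws-03 firefox-esr 115.3.0",
    "ws-04 firefox-android 118.1.0",
]

if __name__ == "__main__":
    for host, product, version, affected in triage_inventory(SAMPLE_INVENTORY):
        status = "AFFECTED" if affected else "ok"
        print(f"{host:10} {product:16} {version:16} {status}")
```

Feed it the output of whatever inventory tool you already have (one `host product version` line per install); anything printed as AFFECTED needs the vendor update described above.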

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-5217 vulnerability is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, named Google Chromium libvpx Heap Buffer Overflow Vulnerability, was added to the catalog on October 2, 2023, with a due date of October 23, 2023. The required action is to apply mitigations as per vendor instructions or discontinue the use of the product if mitigations are unavailable.

Weakness enumeration

The weakness enumeration for this vulnerability is CWE-787, an out-of-bounds write, which could lead to a buffer overflow and arbitrary code execution. It affects Google Chrome, libvpx, and certain Apple devices.

For more details

CVE-2023-5217 is a high-severity vulnerability that affects various browsers and devices, with potential consequences including heap corruption and arbitrary code execution. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the resources listed below.
