CVE-2023-4863 vulnerability in Canonical and Other Products
Published on September 12, 2023
Known Exploited Vulnerability
This Google Chromium Heap-Based Buffer Overflow Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Google Chromium contains a heap-based buffer overflow vulnerability in WebP that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.
The following remediation steps are recommended / required by October 4, 2023: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2023-4863 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
What is a Memory Corruption Vulnerability?
The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
CVE-2023-4863 has been classified to as a Memory Corruption vulnerability or weakness.
Products Associated with CVE-2023-4863
You can be notified by stack.watch whenever vulnerabilities like CVE-2023-4863 are published in these products:
What versions are vulnerable to CVE-2023-4863?
- Google Chrome Fixed in Version 116.0.5845.187
- Fedora Project Fedora Version 37
- Fedora Project Fedora Version 38
- Fedora Project Fedora Version 39
- Debian Linux Version 10.0
- Debian Linux Version 11.0
- Debian Linux Version 12.0
- Mozilla Firefox Fixed in Version 117.0.1
- Mozilla Thunderbird Fixed in Version 102.15.1
- Mozilla FireFox Extended Support Release (ESR) Fixed in Version 102.15.1
- Mozilla Thunderbird Version 115.0 Fixed in Version 115.2.2
- Mozilla FireFox Extended Support Release (ESR) Version 115.0 Fixed in Version 115.2.1
- Microsoft Edge Browser Fixed in Version 117.0.2045.31
- Microsoft Teams Version 1.6.00.26474 desktop
- Microsoft Teams Version 1.6.00.26463 macos
- Microsoft Webp Image Extension Version 1.0.62681.0
- Microsoft Edge Chromium Fixed in Version 117.0.5938.62
- Webmproject Libwebp Fixed in Version 1.3.2
- NetApp Active Iq Unified Manager Version - vmware_vsphere
- Bentley Seequent Leapfrog Fixed in Version 2023.2