CVE-2023-5217
Heap buffer overflow vulnerability in electron (npm)
What is CVE-2023-5217 About?
This vulnerability is a Heap buffer overflow in the vp8 encoding of libvpx, primarily affecting Google Chrome. Successful exploitation can lead to heap corruption, which may result in arbitrary code execution or denial of service by a remote attacker. It is relatively easy to exploit with a crafted HTML page.
Affected Software
- electron
  - >25.0.0, <25.8.4
  - >24.0.0, <24.8.5
  - >26.0.0, <26.2.4
  - <22.3.25
  - >27.0.0-alpha.1, <27.0.0-beta.8
Technical Details
The vulnerability lies within the vp8 encoding component of libvpx. A remote attacker can craft a malicious HTML page that, when processed by a vulnerable version of Google Chrome or by another application that embeds a vulnerable libvpx (such as Electron), triggers a heap buffer overflow. This occurs due to improper handling of memory boundaries during vp8 encoding, allowing data to be written beyond the allocated buffer on the heap. This out-of-bounds write corrupts adjacent memory, potentially leading to control-flow hijacking or crashing the application.
What is the Impact of CVE-2023-5217?
Successful exploitation may allow attackers to execute arbitrary code, achieve denial of service, or leak sensitive information due to memory corruption.
What is the Exploitability of CVE-2023-5217?
Exploitation is considered straightforward due to the nature of a heap buffer overflow in a media processing library. It typically requires an attacker to lure a victim to a malicious website containing a specially crafted HTML page. No prior authentication is needed, and the attack is remote. The complexity is low, as the primary prerequisite is the victim visiting the prepared web page. The likelihood of successful exploitation is high given the 'High confidence exploit' maturity level, suggesting readily available or easily reproducible exploit methods.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| UT-Security | Link | A PoC to trigger CVE-2023-5217 from the Browser WebCodecs or MediaRecorder interface. |
| Trinadh465 | Link | PoC for CVE-2023-5217 |
| Trinadh465 | Link | PoC for CVE-2023-5217 |
What are the Available Fixes for CVE-2023-5217?
Available Upgrade Options
- electron
  - <22.3.25 → Upgrade to 22.3.25
  - >24.0.0, <24.8.5 → Upgrade to 24.8.5
  - >25.0.0, <25.8.4 → Upgrade to 25.8.4
  - >26.0.0, <26.2.4 → Upgrade to 26.2.4
  - >27.0.0-alpha.1, <27.0.0-beta.8 → Upgrade to 27.0.0-beta.8
Additional Resources
- https://pastebin.com/TdkC4pDv
- https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/
- http://www.openwall.com/lists/oss-security/2023/09/29/9
- http://seclists.org/fulldisclosure/2023/Oct/16
- https://github.com/webmproject/libvpx/releases/tag/v1.13.1
- https://github.com/electron/electron
- http://www.openwall.com/lists/oss-security/2023/09/30/3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB
- http://www.openwall.com/lists/oss-security/2023/10/01/1
- http://www.openwall.com/lists/oss-security/2023/09/29/12
What are Similar Vulnerabilities to CVE-2023-5217?
Similar Vulnerabilities: CVE-2023-5129, CVE-2023-4762, CVE-2023-3807, CVE-2022-2276, CVE-2022-1925
