Vulnerabilites related to webrtc_project - webrtc
Vulnerability from fkie_nvd
Published
2016-03-13 18:59
Modified
2024-11-21 02:47
Severity ?
Summary
Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", matchCriteriaId: "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", matchCriteriaId: "A2CA2CAD-3088-47C2-AE3A-607E6064E9BE", versionEndIncluding: "44.0.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webrtc_project:webrtc:-:*:*:*:*:*:*:*", matchCriteriaId: "A512F860-997E-44AC-9908-5F196BE2937A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", }, { lang: "es", value: "Vulnerabilidad de uso después de liberación de memoria en la clase DesktopDisplayDevice en la implementación de WebRTC en Mozilla Firefox en versiones anteriores a 45.0 en Windows podría permitir a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", id: "CVE-2016-1976", lastModified: "2024-11-21T02:47:28.477", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-03-13T18:59:25.430", references: [ { source: "security@mozilla.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html", }, { source: "security@mozilla.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html", }, { source: "security@mozilla.org", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html", }, { source: "security@mozilla.org", url: "http://www.securityfocus.com/bid/84220", }, { source: "security@mozilla.org", url: "http://www.securitytracker.com/id/1035215", }, { source: "security@mozilla.org", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1176340", }, { source: "security@mozilla.org", url: "https://security.gentoo.org/glsa/201605-06", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/84220", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035215", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1176340", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201605-06", }, ], sourceIdentifier: "security@mozilla.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-28 02:15
Modified
2025-02-03 14:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| webkitgtk | webkitgtk | * | |
| wpewebkit | wpe_webkit | * | |
| apple | ipados | * | |
| apple | iphone_os | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | macos | * | |
| apple | macos | * | |
| apple | tvos | * | |
| apple | watchos | * | |
| webrtc_project | webrtc | - |
{ cisaActionDue: "2022-09-15", cisaExploitAdd: "2022-08-25", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "WebRTC Heap Buffer Overflow Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", matchCriteriaId: "2C5C5639-A741-4DB9-A5CB-A61D870AB8BC", versionEndExcluding: "103.0.5060.114", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*", matchCriteriaId: "A5D47424-F907-4F9B-BA4D-B28362754C37", versionEndExcluding: "2.36.5", vulnerable: true, }, { criteria: "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*", matchCriteriaId: "979A5C2A-8BD4-4ADF-9FE5-06019FF45B18", versionEndExcluding: "2.36.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "F5E4F87A-8003-43EB-99F7-35C82AEA4DC0", versionEndExcluding: "15.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B6FA9FE3-1891-405C-B191-04CAB84ADD46", versionEndExcluding: "15.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "EF8C1CB5-DACB-449C-9E07-E477142C589F", versionEndExcluding: "10.15.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", matchCriteriaId: "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", matchCriteriaId: "F12CC8B5-C1EB-419E-8496-B9A3864656AD", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", matchCriteriaId: "F1F4BF7F-90D4-4668-B4E6-B06F4070F448", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*", matchCriteriaId: "7FD7176C-F4D1-43A7-9E49-BA92CA0D9980", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*", matchCriteriaId: "2703DE0B-8A9E-4A9D-9AE8-028E22BF47CA", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", matchCriteriaId: "0F441A43-1669-478D-9EC8-E96882DE4F9F", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", matchCriteriaId: "D425C653-37A2-448C-BF2F-B684ADB08A26", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", matchCriteriaId: "A54D63B7-B92B-47C3-B1C5-9892E5873A98", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*", matchCriteriaId: "3456176F-9185-4EE2-A8CE-3D989D674AB7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*", matchCriteriaId: "D337EE21-2F00-484D-9285-F2B0248D7A19", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", matchCriteriaId: "012052B5-9AA7-4FD3-9C80-5F615330039D", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", matchCriteriaId: "50F21A3C-0AC3-48C5-A4F8-5A7B478875B4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", matchCriteriaId: "8E974DC6-F7D9-4389-9AF9-863F6E419CE6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", matchCriteriaId: "156A6382-2BD3-4882-90B2-8E7CF6659E17", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", matchCriteriaId: "20A2FDB2-6712-406A-9896-C0B44508B07D", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*", matchCriteriaId: "49F537A0-DC42-4176-B22F-C80D179DD99D", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-004:*:*:*:*:*:*", matchCriteriaId: "1E463183-7E29-464F-B459-F3E1D62501FC", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "98D9705D-81A6-421C-973C-A2E57D1EF51D", versionEndExcluding: "11.6.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "BFABC0C7-944C-4B46-A985-8B4F8BF93F54", versionEndExcluding: "12.5", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "83FC1965-2381-49FF-9521-355D29B28B71", versionEndExcluding: "15.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "8EB2AF3C-B2A0-41AD-9C3E-14B220620FF0", versionEndExcluding: "8.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webrtc_project:webrtc:-:*:*:*:*:*:*:*", matchCriteriaId: "A512F860-997E-44AC-9908-5F196BE2937A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", }, { lang: "es", value: "Un desbordamiento del búfer de la pila en WebRTC en Google Chrome versiones anteriores a 103.0.5060.114, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada", }, ], id: "CVE-2022-2294", lastModified: "2025-02-03T14:15:33.053", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2022-07-28T02:15:07.797", references: [ { source: "chrome-cve-admin@google.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/07/28/2", }, { source: "chrome-cve-admin@google.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html", }, { source: "chrome-cve-admin@google.com", tags: [ "Permissions Required", ], url: "https://crbug.com/1341043", }, { source: "chrome-cve-admin@google.com", tags: [ "Broken Link", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/", }, { source: "chrome-cve-admin@google.com", tags: [ "Broken Link", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/", }, { source: "chrome-cve-admin@google.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202208-35", }, { source: "chrome-cve-admin@google.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202208-39", }, { source: "chrome-cve-admin@google.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202311-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/07/28/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://crbug.com/1341043", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202208-35", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202208-39", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202311-11", }, ], sourceIdentifier: "chrome-cve-admin@google.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-18 04:15
Modified
2024-11-21 06:00
Severity ?
Summary
Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. )A WebRTC implementation shouldn't allow the user to continue if verification has failed.)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pion/webrtc/issues/1708 | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/pion/webrtc/security/advisories/GHSA-74xm-qj29-cq8p | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pion/webrtc/issues/1708 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pion/webrtc/security/advisories/GHSA-74xm-qj29-cq8p | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webrtc_project | webrtc | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webrtc_project:webrtc:*:*:*:*:*:*:*:*", matchCriteriaId: "6268E745-4C5D-4103-AD3F-0B16DBA1B1CD", versionEndExcluding: "3.0.15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. )A WebRTC implementation shouldn't allow the user to continue if verification has failed.)", }, { lang: "es", value: "Pion WebRTC versiones anteriores a 3.0.15, no eliminó apropiadamente la conexión DTLS cuando falló una comprobación del certificado. El PeerConnectionState se configuró para un fallo, pero un usuario podría ignorarlo y continuar usando PeerConnection. (Una implementación de WebRTC no debería permitir al usuario continuar si la comprobación ha fallado)", }, ], id: "CVE-2021-28681", lastModified: "2024-11-21T06:00:07.237", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-18T04:15:14.617", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/pion/webrtc/issues/1708", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/pion/webrtc/security/advisories/GHSA-74xm-qj29-cq8p", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/pion/webrtc/issues/1708", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/pion/webrtc/security/advisories/GHSA-74xm-qj29-cq8p", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-03-13 18:59
Modified
2024-11-21 02:47
Severity ?
Summary
Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webrtc_project | webrtc | - | |
| mozilla | firefox | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webrtc_project:webrtc:-:*:*:*:*:*:*:*", matchCriteriaId: "A512F860-997E-44AC-9908-5F196BE2937A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", matchCriteriaId: "A2CA2CAD-3088-47C2-AE3A-607E6064E9BE", versionEndIncluding: "44.0.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.", }, { lang: "es", value: "Múltiples condiciones de carrera en dom/media/systemservices/CamerasChild.cpp en la implementación de WebRTC en Mozilla Firefox en versiones anteriores a 45.0 en Windows podría permitir a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de vectores desconocidos.", }, ], id: "CVE-2016-1975", lastModified: "2024-11-21T02:47:28.367", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-03-13T18:59:24.287", references: [ { source: "security@mozilla.org", url: "http://hg.mozilla.org/releases/mozilla-release/rev/bafc86c12e63", }, { source: "security@mozilla.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html", }, { source: "security@mozilla.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html", }, { source: "security@mozilla.org", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html", }, { source: "security@mozilla.org", url: "http://www.securityfocus.com/bid/84220", }, { source: "security@mozilla.org", url: "http://www.securitytracker.com/id/1035215", }, { source: "security@mozilla.org", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1230768", }, { source: "security@mozilla.org", url: "https://security.gentoo.org/glsa/201605-06", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://hg.mozilla.org/releases/mozilla-release/rev/bafc86c12e63", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/84220", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035215", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1230768", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201605-06", }, ], sourceIdentifier: "security@mozilla.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2016-1976
Vulnerability from cvelistv5
Published
2016-03-13 18:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/84220 | vdb-entry, x_refsource_BID | |
| http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html | vendor-advisory, x_refsource_SUSE | |
| http://www.mozilla.org/security/announce/2016/mfsa2016-32.html | x_refsource_CONFIRM | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1176340 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securitytracker.com/id/1035215 | vdb-entry, x_refsource_SECTRACK | |
| https://security.gentoo.org/glsa/201605-06 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:17:50.176Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "84220", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/84220", }, { name: "openSUSE-SU-2016:0731", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1176340", }, { name: "openSUSE-SU-2016:0733", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html", }, { name: "1035215", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035215", }, { name: "GLSA-201605-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201605-06", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-08T00:00:00", descriptions: [ { lang: "en", value: "Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-01T15:57:02", orgId: "f16b083a-5664-49f3-a51e-8d479e5ed7fe", shortName: "mozilla", }, references: [ { name: "84220", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/84220", }, { name: "openSUSE-SU-2016:0731", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1176340", }, { name: "openSUSE-SU-2016:0733", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html", }, { name: "1035215", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035215", }, { name: "GLSA-201605-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201605-06", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@mozilla.org", ID: "CVE-2016-1976", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "84220", refsource: "BID", url: "http://www.securityfocus.com/bid/84220", }, { name: "openSUSE-SU-2016:0731", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html", }, { name: "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=1176340", refsource: "CONFIRM", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1176340", }, { name: "openSUSE-SU-2016:0733", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html", }, { name: "1035215", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035215", }, { name: "GLSA-201605-06", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201605-06", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f16b083a-5664-49f3-a51e-8d479e5ed7fe", assignerShortName: "mozilla", cveId: "CVE-2016-1976", datePublished: "2016-03-13T18:00:00", dateReserved: "2016-01-20T00:00:00", dateUpdated: "2024-08-05T23:17:50.176Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-2294
Vulnerability from cvelistv5
Published
2022-07-28 00:00
Modified
2025-02-03 14:09
Severity ?
EPSS score ?
Summary
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:32:09.581Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://crbug.com/1341043", }, { tags: [ "x_transferred", ], url: "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html", }, { name: "FEDORA-2022-0102ccc2a2", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/", }, { name: "FEDORA-2022-1d3d5a0341", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/", }, { name: "[oss-security] 20220728 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0007", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/07/28/2", }, { name: "GLSA-202208-35", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202208-35", }, { name: "GLSA-202208-39", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202208-39", }, { name: "GLSA-202311-11", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202311-11", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-2294", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-12T15:04:35.048645Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-08-25", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-2294", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-03T14:09:33.958Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Chrome", vendor: "Google", versions: [ { lessThan: "103.0.5060.114", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", }, ], problemTypes: [ { descriptions: [ { description: "Heap buffer overflow", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-25T11:06:49.314Z", orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", shortName: "Chrome", }, references: [ { url: "https://crbug.com/1341043", }, { url: "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html", }, { name: "FEDORA-2022-0102ccc2a2", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/", }, { name: "FEDORA-2022-1d3d5a0341", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/", }, { name: "[oss-security] 20220728 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0007", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/07/28/2", }, { name: "GLSA-202208-35", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202208-35", }, { name: "GLSA-202208-39", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202208-39", }, { name: "GLSA-202311-11", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202311-11", }, ], }, }, cveMetadata: { assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", assignerShortName: "Chrome", cveId: "CVE-2022-2294", datePublished: "2022-07-28T00:00:00.000Z", dateReserved: "2022-07-03T00:00:00.000Z", dateUpdated: "2025-02-03T14:09:33.958Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28681
Vulnerability from cvelistv5
Published
2021-03-18 03:20
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. )A WebRTC implementation shouldn't allow the user to continue if verification has failed.)
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pion/webrtc/issues/1708 | x_refsource_MISC | |
| https://github.com/pion/webrtc/security/advisories/GHSA-74xm-qj29-cq8p | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:47:33.209Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pion/webrtc/issues/1708", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pion/webrtc/security/advisories/GHSA-74xm-qj29-cq8p", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. )A WebRTC implementation shouldn't allow the user to continue if verification has failed.)", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-18T23:28:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/pion/webrtc/issues/1708", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/pion/webrtc/security/advisories/GHSA-74xm-qj29-cq8p", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-28681", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. )A WebRTC implementation shouldn't allow the user to continue if verification has failed.)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/pion/webrtc/issues/1708", refsource: "MISC", url: "https://github.com/pion/webrtc/issues/1708", }, { name: "https://github.com/pion/webrtc/security/advisories/GHSA-74xm-qj29-cq8p", refsource: "MISC", url: "https://github.com/pion/webrtc/security/advisories/GHSA-74xm-qj29-cq8p", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-28681", datePublished: "2021-03-18T03:20:06", dateReserved: "2021-03-18T00:00:00", dateUpdated: "2024-08-03T21:47:33.209Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1975
Vulnerability from cvelistv5
Published
2016-03-13 18:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1230768 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/84220 | vdb-entry, x_refsource_BID | |
| http://hg.mozilla.org/releases/mozilla-release/rev/bafc86c12e63 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html | vendor-advisory, x_refsource_SUSE | |
| http://www.mozilla.org/security/announce/2016/mfsa2016-32.html | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securitytracker.com/id/1035215 | vdb-entry, x_refsource_SECTRACK | |
| https://security.gentoo.org/glsa/201605-06 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:17:49.999Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1230768", }, { name: "84220", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/84220", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://hg.mozilla.org/releases/mozilla-release/rev/bafc86c12e63", }, { name: "openSUSE-SU-2016:0731", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html", }, { name: "openSUSE-SU-2016:0733", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html", }, { name: "1035215", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035215", }, { name: "GLSA-201605-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201605-06", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-08T00:00:00", descriptions: [ { lang: "en", value: "Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-01T15:57:02", orgId: "f16b083a-5664-49f3-a51e-8d479e5ed7fe", shortName: "mozilla", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1230768", }, { name: "84220", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/84220", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://hg.mozilla.org/releases/mozilla-release/rev/bafc86c12e63", }, { name: "openSUSE-SU-2016:0731", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html", }, { name: "openSUSE-SU-2016:0733", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html", }, { name: "1035215", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035215", }, { name: "GLSA-201605-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201605-06", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@mozilla.org", ID: "CVE-2016-1975", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=1230768", refsource: "CONFIRM", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1230768", }, { name: "84220", refsource: "BID", url: "http://www.securityfocus.com/bid/84220", }, { name: "http://hg.mozilla.org/releases/mozilla-release/rev/bafc86c12e63", refsource: "CONFIRM", url: "http://hg.mozilla.org/releases/mozilla-release/rev/bafc86c12e63", }, { name: "openSUSE-SU-2016:0731", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html", }, { name: "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html", }, { name: "openSUSE-SU-2016:0733", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html", }, { name: "1035215", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035215", }, { name: "GLSA-201605-06", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201605-06", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f16b083a-5664-49f3-a51e-8d479e5ed7fe", assignerShortName: "mozilla", cveId: "CVE-2016-1975", datePublished: "2016-03-13T18:00:00", dateReserved: "2016-01-20T00:00:00", dateUpdated: "2024-08-05T23:17:49.999Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }