CVE-2022-2294

Warning

EPSS 2.19%
Published 28.07.2022 02:15:07
Last modified 03.04.2025 16:08:44
Source chrome-cve-admin@google.com
Teams watchlist Login
Open Login

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected products Warnungen 1 Metrics 3 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Chrome Version < 103.0.5060.114

Fedoraproject ≫ Extra Packages For Enterprise Linux Version8.0

Fedoraproject ≫ Fedora Version35

Fedoraproject ≫ Fedora Version36

Webkitgtk ≫ Webkitgtk Version < 2.36.5

Wpewebkit ≫ Wpe Webkit Version < 2.36.5

Apple ≫ iPadOS Version < 15.6

Apple ≫ iPhone OS Version < 15.6

Apple ≫ macOS X Version < 10.15.7

Apple ≫ macOS X Version10.15.7 Update-

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020-005

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020-007

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-002

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-003

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-004

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-005

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-006

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-007

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-008

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2022-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2022-002

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2022-003

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2022-004

Apple ≫ macOS Version < 11.6.8

Apple ≫ macOS Version >= 12.0 < 12.5

Apple ≫ tvOS Version < 15.6

Apple ≫ watchOS Version < 8.7

Webrtc Project ≫ Webrtc Version-

25.08.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

WebRTC Heap Buffer Overflow Vulnerability

Vulnerability

WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.19%	0.838

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H