CVE-2023-2137

Summary

CVE	CVE-2023-2137
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-04-19 04:15:00 UTC
Updated	2023-10-20 20:54:00 UTC
Description	Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Fedoraproject	Fedora	36	All	All	All
Operating System	Fedoraproject	Fedora	37	All	All	All
Operating System	Fedoraproject	Fedora	38	All	All	All
Application	Google	Chrome	All	All	All	All

References

Reference	Source	Link	Tags
1430644 - chromium - An open-source project to help move the web forward. - Monorail	MISC	crbug.com
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities (GLSA 202309-17) — Gentoo security	MISC	security.gentoo.org
[SECURITY] Fedora 38 Update: chromium-112.0.5615.165-1.fc38 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: chromium-112.0.5615.165-1.fc37 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 38 Update: chromium-112.0.5615.121-2.fc38 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: chromium-112.0.5615.121-2.fc37 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 36 Update: chromium-112.0.5615.121-2.fc36 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
Chrome Releases: Stable Channel Update for Desktop	MISC	chromereleases.googleblog.com
Debian -- Security Information -- DSA-5393-1 chromium	MISC	www.debian.org
[SECURITY] Fedora 36 Update: chromium-112.0.5615.165-1.fc36 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

181750 Debian Security Update for chromium (DSA 5393-1)
182599 Debian Security Update for chromium (CVE-2023-2137)
283905 Fedora Security Update for chromium (FEDORA-2023-c1741c9724)
283906 Fedora Security Update for chromium (FEDORA-2023-8cc9731416)
283939 Fedora Security Update for chromium (FEDORA-2023-fa739b5753)
283942 Fedora Security Update for chromium (FEDORA-2023-2b6ba1c253)
284160 Fedora Security Update for chromium (FEDORA-2023-911c060ded)
284166 Fedora Security Update for chromium (FEDORA-2023-df075a7f85)
378426 Google Chrome Prior to 112.0.5615.137 Multiple Vulnerabilities
378442 Microsoft Edge Based on Chromium Prior to 112.0.1722.58 Multiple Vulnerabilities
502997 Alpine Linux Security Update for qt5-qtwebengine
503239 Alpine Linux Security Update for qt5-qtwebengine
506196 Alpine Linux Security Update for qt5-qtwebengine
691149 Free Berkeley Software Distribution (FreeBSD) Security Update for chromium (90c48c04-d549-4fc0-a503-4775e32d438e)
710759 Gentoo Linux Chromium, Google Chrome, Microsoft Edge Multiple Vulnerabilities (GLSA 202309-17)
754045 OpenSUSE Security Update for opera (openSUSE-SU-2023:0114-1)
754103 OpenSUSE Security Update for opera (openSUSE-SU-2023:0115-1)
755345 SUSE Enterprise Linux Security Update for sqlite3 (SUSE-SU-2023:4576-1)
755368 SUSE Enterprise Linux Security Update for sqlite3 (SUSE-SU-2023:4619-1)
755369 SUSE Enterprise Linux Security Update for sqlite3 (SUSE-SU-2023:4619-1)
755370 SUSE Enterprise Linux Security Update for sqlite3 (SUSE-SU-2023:4619-1)