CVE-2024-21639 - Vulnerability Details - OpenCVE

Description

CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e.

Published: 2024-01-12

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

chromiumembedded

cef

affected

Version	Status	Constraints
`< commit 1f55d2e`	affected	—

Configuration 1 [-]

cpe:2.3:a:chromiumembedded:chromium_embedded_framework:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-19277	CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00211.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b
https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg

History

No history.

Subscriptions

Chromiumembedded Chromium Embedded Framework

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-12T21:16:06.709Z

Updated: 2024-08-01T22:27:36.148Z

Reserved: 2023-12-29T03:00:44.957Z

Link: CVE-2024-21639

Vulnrichment

Updated: 2024-08-01T22:27:36.148Z

NVD

Status : Modified

Published: 2024-01-12T22:15:45.750

Modified: 2024-11-21T08:54:46.790

Link: CVE-2024-21639

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-125

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21639", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-29T03:00:44.957Z", "datePublished": "2024-01-12T21:16:06.709Z", "dateUpdated": "2024-08-01T22:27:36.148Z"}, "containers": {"cna": {"title": "OOB Access in CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg"}, {"name": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b", "tags": ["x_refsource_MISC"], "url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b"}], "affected": [{"vendor": "chromiumembedded", "product": "cef", "versions": [{"version": "< commit 1f55d2e", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-12T21:16:06.709Z"}, "descriptions": [{"lang": "en", "value": "CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e."}], "source": {"advisory": "GHSA-m375-jw5x-x8mg", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21639", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-22T18:00:44.364394Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:chromiumembedded:chromium_embedded_framework:-:*:*:*:*:*:*:*"], "vendor": "chromiumembedded", "product": "chromium_embedded_framework", "versions": [{"status": "affected", "version": "-"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:38:07.364Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.148Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg"}, {"name": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg", "name": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b", "name": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.148Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21639", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-22T18:00:44.364394Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:chromiumembedded:chromium_embedded_framework:-:*:*:*:*:*:*:*"], "vendor": "chromiumembedded", "product": "chromium_embedded_framework", "versions": [{"status": "affected", "version": "-"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-22T18:00:08.547Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "OOB Access in CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory", "source": {"advisory": "GHSA-m375-jw5x-x8mg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "chromiumembedded", "product": "cef", "versions": [{"status": "affected", "version": "< commit 1f55d2e"}]}], "references": [{"url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg", "name": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b", "name": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-12T21:16:06.709Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21639", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:27:36.148Z", "dateReserved": "2023-12-29T03:00:44.957Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-01-12T21:16:06.709Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chromiumembedded:chromium_embedded_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DDE5170-AEB5-4EB6-B436-9634C0190E6A", "versionEndExcluding": "2024-01-05", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e."}, {"lang": "es", "value": "CEF (Chromium Embedded Framework) es un framework simple para integrar navegadores basados en Chromium en otras aplicaciones. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` no verifica el tama\u00f1o de la memoria compartida, lo que genera lecturas fuera de los l\u00edmites fuera de la sandbox. Esta vulnerabilidad fue parcheada en el commit 1f55d2e."}], "id": "CVE-2024-21639", "lastModified": "2024-11-21T08:54:46.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-12T22:15:45.750", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security-advisories@github.com", "type": "Secondary"}]}