CVE-2024-21639 - Vulnerability Details - OpenCVE

CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00211.

Key SSVC decision points have not yet been added.

Vendors	Products
Chromiumembedded	Chromium Embedded Framework

Configuration 1 [-]

cpe:2.3:a:chromiumembedded:chromium_embedded_framework:*:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b
https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-12T21:16:06.709Z

Updated: 2024-08-01T22:27:36.148Z

Reserved: 2023-12-29T03:00:44.957Z

Link: CVE-2024-21639

Vulnrichment

Updated: 2024-08-01T22:27:36.148Z

NVD

Status : Modified

Published: 2024-01-12T22:15:45.750

Modified: 2024-11-21T08:54:46.790

Link: CVE-2024-21639

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21639", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-29T03:00:44.957Z", "datePublished": "2024-01-12T21:16:06.709Z", "dateUpdated": "2024-08-01T22:27:36.148Z"}, "containers": {"cna": {"title": "OOB Access in CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg"}, {"name": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b", "tags": ["x_refsource_MISC"], "url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b"}], "affected": [{"vendor": "chromiumembedded", "product": "cef", "versions": [{"version": "< commit 1f55d2e", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-12T21:16:06.709Z"}, "descriptions": [{"lang": "en", "value": "CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e."}], "source": {"advisory": "GHSA-m375-jw5x-x8mg", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21639", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-22T18:00:44.364394Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:chromiumembedded:chromium_embedded_framework:-:*:*:*:*:*:*:*"], "vendor": "chromiumembedded", "product": "chromium_embedded_framework", "versions": [{"status": "affected", "version": "-"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:38:07.364Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.148Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg"}, {"name": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg", "name": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b", "name": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.148Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21639", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-22T18:00:44.364394Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:chromiumembedded:chromium_embedded_framework:-:*:*:*:*:*:*:*"], "vendor": "chromiumembedded", "product": "chromium_embedded_framework", "versions": [{"status": "affected", "version": "-"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-22T18:00:08.547Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "OOB Access in CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory", "source": {"advisory": "GHSA-m375-jw5x-x8mg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "chromiumembedded", "product": "cef", "versions": [{"status": "affected", "version": "< commit 1f55d2e"}]}], "references": [{"url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg", "name": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b", "name": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-12T21:16:06.709Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21639", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:27:36.148Z", "dateReserved": "2023-12-29T03:00:44.957Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-01-12T21:16:06.709Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chromiumembedded:chromium_embedded_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DDE5170-AEB5-4EB6-B436-9634C0190E6A", "versionEndExcluding": "2024-01-05", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e."}, {"lang": "es", "value": "CEF (Chromium Embedded Framework) es un framework simple para integrar navegadores basados en Chromium en otras aplicaciones. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` no verifica el tama\u00f1o de la memoria compartida, lo que genera lecturas fuera de los l\u00edmites fuera de la sandbox. Esta vulnerabilidad fue parcheada en el commit 1f55d2e."}], "id": "CVE-2024-21639", "lastModified": "2024-11-21T08:54:46.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-12T22:15:45.750", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security-advisories@github.com", "type": "Secondary"}]}