CVE Vulnerability

CVE-2022-47932

Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/brave/brave-core/commit/e73309665508c17e48a67e302d3ab02a38d3ef50 Patch Third Party Advisory
https://github.com/brave/brave-browser/issues/24093 Exploit Issue Tracking
https://hackerone.com/reports/1636430 Permissions Required Third Party Advisory
https://github.com/brave/brave-core/pull/14211 Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:brave:brave:*:*:*:*:*:*:*:*
Information

Published : 2022-12-24 10:15

Updated : 2022-12-30 10:04

NVD link : CVE-2022-47932

Mitre link : CVE-2022-47932

Products Affected
No products.
CWE
NVD-CWE-Other