Search for vulnerabilities
Vulnerability details: VCID-h2tr-9p5y-aaam
Vulnerability ID VCID-h2tr-9p5y-aaam
Aliases CVE-2023-2137
Summary Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00521 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00521 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00521 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00521 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00521 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00521 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00521 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00620 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00620 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00620 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00656 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00714 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00714 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00714 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
epss 0.00714 https://api.first.org/data/v1/epss?cve=CVE-2023-2137
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-2137
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-2137
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-2137
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
https://crbug.com/1430644
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2137
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/
https://www.debian.org/security/2023/dsa-5393
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
CVE-2023-2137 https://nvd.nist.gov/vuln/detail/CVE-2023-2137
GLSA-202309-17 https://security.gentoo.org/glsa/202309-17
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-2137
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-2137
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.37321
EPSS Score 0.00186
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.