Search for vulnerabilities
Vulnerability details: VCID-j3n5-h8ku-aaan
Vulnerability ID VCID-j3n5-h8ku-aaan
Aliases CVE-2023-5171
Summary During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5171.json
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00857 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00857 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.00857 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.01108 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.01481 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.01481 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.01481 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.01481 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.01481 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.01481 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.01481 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.01481 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.01481 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.01481 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.01481 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.01481 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.01481 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.01481 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.01481 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
epss 0.02996 https://api.first.org/data/v1/epss?cve=CVE-2023-5171
cvssv3.1 8.8 https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-5171
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-5171
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-41
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-42
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-43
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5171.json
https://api.first.org/data/v1/epss?cve=CVE-2023-5171
https://bugzilla.mozilla.org/show_bug.cgi?id=1851599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217
https://lists.debian.org/debian-lts-announce/2023/09/msg00034.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/
https://www.debian.org/security/2023/dsa-5506
https://www.debian.org/security/2023/dsa-5513
https://www.mozilla.org/security/advisories/mfsa2023-41/
https://www.mozilla.org/security/advisories/mfsa2023-42/
https://www.mozilla.org/security/advisories/mfsa2023-43/
2240894 https://bugzilla.redhat.com/show_bug.cgi?id=2240894
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
CVE-2023-5171 https://nvd.nist.gov/vuln/detail/CVE-2023-5171
GLSA-202402-25 https://security.gentoo.org/glsa/202402-25
mfsa2023-41 https://www.mozilla.org/en-US/security/advisories/mfsa2023-41
mfsa2023-42 https://www.mozilla.org/en-US/security/advisories/mfsa2023-42
mfsa2023-43 https://www.mozilla.org/en-US/security/advisories/mfsa2023-43
RHSA-2023:5426 https://access.redhat.com/errata/RHSA-2023:5426
RHSA-2023:5427 https://access.redhat.com/errata/RHSA-2023:5427
RHSA-2023:5428 https://access.redhat.com/errata/RHSA-2023:5428
RHSA-2023:5429 https://access.redhat.com/errata/RHSA-2023:5429
RHSA-2023:5430 https://access.redhat.com/errata/RHSA-2023:5430
RHSA-2023:5432 https://access.redhat.com/errata/RHSA-2023:5432
RHSA-2023:5433 https://access.redhat.com/errata/RHSA-2023:5433
RHSA-2023:5434 https://access.redhat.com/errata/RHSA-2023:5434
RHSA-2023:5435 https://access.redhat.com/errata/RHSA-2023:5435
RHSA-2023:5436 https://access.redhat.com/errata/RHSA-2023:5436
RHSA-2023:5437 https://access.redhat.com/errata/RHSA-2023:5437
RHSA-2023:5438 https://access.redhat.com/errata/RHSA-2023:5438
RHSA-2023:5439 https://access.redhat.com/errata/RHSA-2023:5439
RHSA-2023:5440 https://access.redhat.com/errata/RHSA-2023:5440
RHSA-2023:5475 https://access.redhat.com/errata/RHSA-2023:5475
RHSA-2023:5477 https://access.redhat.com/errata/RHSA-2023:5477
USN-6404-1 https://usn.ubuntu.com/6404-1/
USN-6405-1 https://usn.ubuntu.com/6405-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5171.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-5171
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-5171
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.52299
EPSS Score 0.00153
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.