VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-ndv4-2838-hyas

Essentials
Severities (30)
References (44)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-ndv4-2838-hyas
Aliases	CVE-2023-37201
Summary	An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-416

Use After Free

System	Score	Found at
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37201.json
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-37201
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-37201
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-37201
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-37201
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-37201
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-37201
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-37201
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-37201
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-37201
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-37201
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-37201
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-37201
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-37201
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-37201
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-37201
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2023-37201
epss	0.005	https://api.first.org/data/v1/epss?cve=CVE-2023-37201
ssvc	Track*	https://bugzilla.mozilla.org/show_bug.cgi?id=1826002
ssvc	Track*	https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html
ssvc	Track*	https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2023-37201
ssvc	Track*	https://www.debian.org/security/2023/dsa-5450
ssvc	Track*	https://www.debian.org/security/2023/dsa-5451
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-22
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-23
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-24
ssvc	Track*	https://www.mozilla.org/security/advisories/mfsa2023-22/
ssvc	Track*	https://www.mozilla.org/security/advisories/mfsa2023-23/
ssvc	Track*	https://www.mozilla.org/security/advisories/mfsa2023-24/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37201.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-37201
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37201
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37202
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37207
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37208
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37211
2219747		https://bugzilla.redhat.com/show_bug.cgi?id=2219747
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:debian:debian_linux:12.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:::::::*
CVE-2023-37201		https://nvd.nist.gov/vuln/detail/CVE-2023-37201
dsa-5450		https://www.debian.org/security/2023/dsa-5450
dsa-5451		https://www.debian.org/security/2023/dsa-5451
mfsa2023-22		https://www.mozilla.org/en-US/security/advisories/mfsa2023-22
mfsa2023-22		https://www.mozilla.org/security/advisories/mfsa2023-22/
mfsa2023-23		https://www.mozilla.org/en-US/security/advisories/mfsa2023-23
mfsa2023-23		https://www.mozilla.org/security/advisories/mfsa2023-23/
mfsa2023-24		https://www.mozilla.org/en-US/security/advisories/mfsa2023-24
mfsa2023-24		https://www.mozilla.org/security/advisories/mfsa2023-24/
msg00006.html		https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html
msg00015.html		https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html
RHSA-2023:4062		https://access.redhat.com/errata/RHSA-2023:4062
RHSA-2023:4063		https://access.redhat.com/errata/RHSA-2023:4063
RHSA-2023:4064		https://access.redhat.com/errata/RHSA-2023:4064
RHSA-2023:4065		https://access.redhat.com/errata/RHSA-2023:4065
RHSA-2023:4066		https://access.redhat.com/errata/RHSA-2023:4066
RHSA-2023:4067		https://access.redhat.com/errata/RHSA-2023:4067
RHSA-2023:4068		https://access.redhat.com/errata/RHSA-2023:4068
RHSA-2023:4069		https://access.redhat.com/errata/RHSA-2023:4069
RHSA-2023:4070		https://access.redhat.com/errata/RHSA-2023:4070
RHSA-2023:4071		https://access.redhat.com/errata/RHSA-2023:4071
RHSA-2023:4072		https://access.redhat.com/errata/RHSA-2023:4072
RHSA-2023:4073		https://access.redhat.com/errata/RHSA-2023:4073
RHSA-2023:4074		https://access.redhat.com/errata/RHSA-2023:4074
RHSA-2023:4075		https://access.redhat.com/errata/RHSA-2023:4075
RHSA-2023:4076		https://access.redhat.com/errata/RHSA-2023:4076
RHSA-2023:4079		https://access.redhat.com/errata/RHSA-2023:4079
show_bug.cgi?id=1826002		https://bugzilla.mozilla.org/show_bug.cgi?id=1826002
USN-6201-1		https://usn.ubuntu.com/6201-1/
USN-6214-1		https://usn.ubuntu.com/6214-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37201.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-21T14:30:36Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1826002

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-21T14:30:36Z/ Found at https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-21T14:30:36Z/ Found at https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-37201

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-21T14:30:36Z/ Found at https://www.debian.org/security/2023/dsa-5450

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-21T14:30:36Z/ Found at https://www.debian.org/security/2023/dsa-5451

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-21T14:30:36Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-22/

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-21T14:30:36Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-23/

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-21T14:30:36Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-24/

Exploit Prediction Scoring System (EPSS)

Percentile	0.64385
EPSS Score	0.00486
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:09:31.777127+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2023/mfsa2023-24.yml	37.0.0