VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-sbwe-dz4e-xbb8

Essentials
Severities (30)
References (46)
Severity details (15)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-sbwe-dz4e-xbb8
Aliases	CVE-2023-4050
Summary	In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-787	Out-of-bounds Write

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4050.json
epss	0.08684	https://api.first.org/data/v1/epss?cve=CVE-2023-4050
epss	0.08684	https://api.first.org/data/v1/epss?cve=CVE-2023-4050
epss	0.08684	https://api.first.org/data/v1/epss?cve=CVE-2023-4050
epss	0.08684	https://api.first.org/data/v1/epss?cve=CVE-2023-4050
epss	0.08684	https://api.first.org/data/v1/epss?cve=CVE-2023-4050
epss	0.08684	https://api.first.org/data/v1/epss?cve=CVE-2023-4050
epss	0.08684	https://api.first.org/data/v1/epss?cve=CVE-2023-4050
epss	0.08684	https://api.first.org/data/v1/epss?cve=CVE-2023-4050
epss	0.08684	https://api.first.org/data/v1/epss?cve=CVE-2023-4050
epss	0.08684	https://api.first.org/data/v1/epss?cve=CVE-2023-4050
epss	0.08684	https://api.first.org/data/v1/epss?cve=CVE-2023-4050
epss	0.08684	https://api.first.org/data/v1/epss?cve=CVE-2023-4050
epss	0.08684	https://api.first.org/data/v1/epss?cve=CVE-2023-4050
epss	0.08684	https://api.first.org/data/v1/epss?cve=CVE-2023-4050
epss	0.08899	https://api.first.org/data/v1/epss?cve=CVE-2023-4050
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1843038
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-4050
ssvc	Track	https://www.debian.org/security/2023/dsa-5464
ssvc	Track	https://www.debian.org/security/2023/dsa-5469
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-29
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-30
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-31
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-32
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-33
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-29/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-30/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-31/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4050.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-4050
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056
2228365		https://bugzilla.redhat.com/show_bug.cgi?id=2228365
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:debian:debian_linux:12.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:::::::*
CVE-2023-4050		https://nvd.nist.gov/vuln/detail/CVE-2023-4050
dsa-5464		https://www.debian.org/security/2023/dsa-5464
dsa-5469		https://www.debian.org/security/2023/dsa-5469
mfsa2023-29		https://www.mozilla.org/en-US/security/advisories/mfsa2023-29
mfsa2023-29		https://www.mozilla.org/security/advisories/mfsa2023-29/
mfsa2023-30		https://www.mozilla.org/en-US/security/advisories/mfsa2023-30
mfsa2023-30		https://www.mozilla.org/security/advisories/mfsa2023-30/
mfsa2023-31		https://www.mozilla.org/en-US/security/advisories/mfsa2023-31
mfsa2023-31		https://www.mozilla.org/security/advisories/mfsa2023-31/
mfsa2023-32		https://www.mozilla.org/en-US/security/advisories/mfsa2023-32
mfsa2023-33		https://www.mozilla.org/en-US/security/advisories/mfsa2023-33
msg00008.html		https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
msg00010.html		https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html
RHSA-2023:4460		https://access.redhat.com/errata/RHSA-2023:4460
RHSA-2023:4461		https://access.redhat.com/errata/RHSA-2023:4461
RHSA-2023:4462		https://access.redhat.com/errata/RHSA-2023:4462
RHSA-2023:4463		https://access.redhat.com/errata/RHSA-2023:4463
RHSA-2023:4464		https://access.redhat.com/errata/RHSA-2023:4464
RHSA-2023:4465		https://access.redhat.com/errata/RHSA-2023:4465
RHSA-2023:4468		https://access.redhat.com/errata/RHSA-2023:4468
RHSA-2023:4469		https://access.redhat.com/errata/RHSA-2023:4469
RHSA-2023:4492		https://access.redhat.com/errata/RHSA-2023:4492
RHSA-2023:4493		https://access.redhat.com/errata/RHSA-2023:4493
RHSA-2023:4494		https://access.redhat.com/errata/RHSA-2023:4494
RHSA-2023:4495		https://access.redhat.com/errata/RHSA-2023:4495
RHSA-2023:4496		https://access.redhat.com/errata/RHSA-2023:4496
RHSA-2023:4497		https://access.redhat.com/errata/RHSA-2023:4497
RHSA-2023:4499		https://access.redhat.com/errata/RHSA-2023:4499
RHSA-2023:4500		https://access.redhat.com/errata/RHSA-2023:4500
show_bug.cgi?id=1843038		https://bugzilla.mozilla.org/show_bug.cgi?id=1843038
USN-6267-1		https://usn.ubuntu.com/6267-1/
USN-6333-1		https://usn.ubuntu.com/6333-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4050.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:46:27Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1843038

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:46:27Z/ Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:46:27Z/ Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4050

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:46:27Z/ Found at https://www.debian.org/security/2023/dsa-5464

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:46:27Z/ Found at https://www.debian.org/security/2023/dsa-5469

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:46:27Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-29/

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:46:27Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-30/

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:46:27Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-31/

Exploit Prediction Scoring System (EPSS)

Percentile	0.92082
EPSS Score	0.08684
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:09:31.434233+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2023/mfsa2023-33.yml	37.0.0