CVE-2024-2608

`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
CVSS

No CVSS.

Configurations

No configuration.

History

03 Jul 2024, 01:53

Type Values Removed Values Added
CWE CWE-680

25 Mar 2024, 17:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html -

23 Mar 2024, 12:15

Type Values Removed Values Added
Summary
  • (es) `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` y `AppendEncodedCharacters()` podrían haber experimentado desbordamientos de enteros, lo que provocó una asignación insuficiente de un búfer de salida, lo que provocó una escritura fuera de los límites. Esta vulnerabilidad afecta a Firefox &lt; 124, Firefox ESR &lt; 115.9 y Thunderbird &lt; 115.9.
References
  • () https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html -

19 Mar 2024, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-19 12:15

Updated : 2024-07-03 01:53


NVD link : CVE-2024-2608

Mitre link : CVE-2024-2608

CVE.ORG link : CVE-2024-2608


JSON object : View

Products Affected

No product.

CWE
CWE-680

Integer Overflow to Buffer Overflow