跳转到帖子

Upgraded Electron framework used in Modern Zimbra Desktop to version 28.0.0, This update mitigates potential security risks associated with the outdated Electron version 11.5.0.

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

Upgraded Electron framework used in Modern Zimbra Desktop to version 28.0.0, This update mitigates potential security risks associated with the outdated Electron version 11.5.0.

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
01/20/2025
Created
01/16/2025
Added
01/20/2025
Modified
01/20/2025

Description

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Solution(s)

  • zimbra-collaboration-upgrade-latest

References

  • https://attackerkb.com/topics/cve-2023-4863
  • CVE - 2023-4863
  • https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
  • https://crbug.com/1479274
  • https://en.bandisoft.com/honeyview/history/
  • https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
  • https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
  • https://security-tracker.debian.org/tracker/CVE-2023-4863
  • https://bugzilla.suse.com/show_bug.cgi?id=1215231
  • https://news.ycombinator.com/item?id=37478403
  • https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
  • https://www.debian.org/security/2023/dsa-5496
  • https://www.debian.org/security/2023/dsa-5497
  • https://lists.fedoraproject.org/archives/list/[email protected]/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/
  • https://lists.fedoraproject.org/archives/list/[email protected]/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/
  • https://lists.fedoraproject.org/archives/list/[email protected]/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/
  • https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
  • https://lists.fedoraproject.org/archives/list/[email protected]/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/
  • https://www.debian.org/security/2023/dsa-5498
  • https://security.gentoo.org/glsa/202309-05
  • https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
  • https://lists.fedoraproject.org/archives/list/[email protected]/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
  • https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/
  • https://github.com/webmproject/libwebp/releases/tag/v1.3.2
  • https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
  • https://lists.fedoraproject.org/archives/list/[email protected]/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
  • http://www.openwall.com/lists/oss-security/2023/09/21/4
  • https://blog.isosceles.com/the-webp-0day/
  • http://www.openwall.com/lists/oss-security/2023/09/22/1
  • http://www.openwall.com/lists/oss-security/2023/09/22/3
  • http://www.openwall.com/lists/oss-security/2023/09/22/4
  • http://www.openwall.com/lists/oss-security/2023/09/22/5
  • http://www.openwall.com/lists/oss-security/2023/09/22/8
  • http://www.openwall.com/lists/oss-security/2023/09/22/7
  • http://www.openwall.com/lists/oss-security/2023/09/22/6
  • http://www.openwall.com/lists/oss-security/2023/09/26/1
  • http://www.openwall.com/lists/oss-security/2023/09/26/7
  • http://www.openwall.com/lists/oss-security/2023/09/28/1
  • http://www.openwall.com/lists/oss-security/2023/09/28/2
  • http://www.openwall.com/lists/oss-security/2023/09/28/4
  • https://security.netapp.com/advisory/ntap-20230929-0011/
  • https://lists.fedoraproject.org/archives/list/[email protected]/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/
  • https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
  • https://www.bentley.com/advisories/be-2023-0001/
  • https://security.gentoo.org/glsa/202401-10
View more
  • 引用
  • Mention
    • 查看数 701
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表