CVE-2023-6856
Published: 19 December 2023
Summary
CVE-2023-6856 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Debian Linux. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 6.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This vulnerability affects Firefox ESR versions prior to 115.6, Thunderbird versions prior to 115.6, and Firefox versions prior to 121, and carries a CVSS 3.1 score of 8.8 with the CWE-787 classification for out-of-bounds writes.
An attacker able to supply malicious WebGL content can trigger the overflow to achieve remote code execution and escape the browser sandbox on affected systems. Exploitation requires user interaction such as visiting a crafted page but needs no other privileges.
Debian, Gentoo, and Mozilla advisories direct users to apply the fixed releases listed in the referenced security announcements, including DSA-5581 and GLSA-202401-10, which address the issue through updated packages. The associated EPSS score reached a peak of 0.1237 with a current value of 0.1047.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-59060
Vulnerability details
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.