CVE-2008-4197 — Use of Uninitialized Resource in Browser

CWE-908 — Use of Uninitialized Resource3 documents3 sources

Severity

8.8HIGHNVD

EPSS

5.1%

top 10.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opera Browser

Timeline

PublishedSep 27

Latest updateMay 2

Description

Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDopera/opera_browser< 9.52

🔴Vulnerability Details

GHSA

GHSA-5854-w8p6-9244: Opera before 9↗2022-05-02

▶

CVEList

CVE-2008-4197: Opera before 9↗2008-09-27

▶