CVE-2023-43548
published 2024-03-04CVE-2023-43548: Memory corruption while parsing qcp clip with invalid chunk data size.
PriorityP348critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.26%
17.7th percentile
Memory corruption while parsing qcp clip with invalid chunk data size.
Affected
142 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_oracle8.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Android
CVE-2023-43548: Closed-source component
vendor_android·2024-03-01·CVSS 7.3
CVE-2023-43548 [HIGH] CVE-2023-43548: Closed-source component
Android Security Bulletin 2024-03-01
CVE: CVE-2023-43548
Severity: HIGH
Component: Closed-source component
References: A-314790932
*
Oracle
Oracle Oracle JD Edwards Risk Matrix: E1 Dev Platform Tech (Node.js) — CVE-2022-43548
vendor_oracle·2023-07-15·CVSS 8.1
CVE-2022-43548 [HIGH] Oracle Oracle JD Edwards Risk Matrix: E1 Dev Platform Tech (Node.js) — CVE-2022-43548
Oracle Oracle JD Edwards Risk Matrix: E1 Dev Platform Tech (Node.js) vulnerability
CVE: CVE-2022-43548
CVSS: 8.1
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2023 (JUL 2023)
Oracle
Oracle Oracle MySQL Risk Matrix: Cluster: JS module (Node.js) — CVE-2022-43548
vendor_oracle·2023-04-15·CVSS 8.1
CVE-2022-43548 [HIGH] Oracle Oracle MySQL Risk Matrix: Cluster: JS module (Node.js) — CVE-2022-43548
Oracle Oracle MySQL Risk Matrix: Cluster: JS module (Node.js) vulnerability
CVE: CVE-2022-43548
CVSS: 8.1
Protocol: Multiple
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2023 (APR 2023)
Oracle
Oracle Oracle Java SE Risk Matrix: Node (Node.js) — CVE-2022-43548
vendor_oracle·2023-01-15·CVSS 8.1
CVE-2022-43548 [HIGH] Oracle Oracle Java SE Risk Matrix: Node (Node.js) — CVE-2022-43548
Oracle Oracle Java SE Risk Matrix: Node (Node.js) vulnerability
CVE: CVE-2022-43548
CVSS: 8.1
Protocol: HTTPS
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2023 (JAN 2023)
GHSA
GHSA-88qq-vr7f-76wp: Memory corruption while parsing qcp clip with invalid chunk data size
ghsa_unreviewed·2024-03-04
CVE-2023-43548 [HIGH] CWE-120 GHSA-88qq-vr7f-76wp: Memory corruption while parsing qcp clip with invalid chunk data size
Memory corruption while parsing qcp clip with invalid chunk data size.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-03-04
Published