CVE-2022-47934 - Vulnerability Details - OpenCVE

Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Brave	Brave

Configuration 1 [-]

cpe:2.3:a:brave:brave:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/brave/brave-browser/issues/24211
https://github.com/brave/brave-browser/issues/25106
https://github.com/brave/brave-core/commit/82d8e39043e691e0492519126437275511ee87e8
https://github.com/brave/brave-core/pull/14313
https://hackerone.com/reports/1646204

History

Tue, 15 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-400
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-24T00:00:00.000Z

Updated: 2025-04-15T13:34:56.137Z

Reserved: 2022-12-23T00:00:00.000Z

Link: CVE-2022-47934

Vulnrichment

Updated: 2024-08-03T15:02:36.648Z

NVD

Status : Modified

Published: 2022-12-24T22:15:09.420

Modified: 2025-04-15T14:15:39.057

Link: CVE-2022-47934

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-47934", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-04-15T13:34:56.137Z", "dateReserved": "2022-12-23T00:00:00.000Z", "datePublished": "2022-12-24T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-24T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/brave/brave-core/commit/82d8e39043e691e0492519126437275511ee87e8"}, {"url": "https://github.com/brave/brave-browser/issues/24211"}, {"url": "https://github.com/brave/brave-browser/issues/25106"}, {"url": "https://github.com/brave/brave-core/pull/14313"}, {"url": "https://hackerone.com/reports/1646204"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:02:36.648Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/brave/brave-core/commit/82d8e39043e691e0492519126437275511ee87e8", "tags": ["x_transferred"]}, {"url": "https://github.com/brave/brave-browser/issues/24211", "tags": ["x_transferred"]}, {"url": "https://github.com/brave/brave-browser/issues/25106", "tags": ["x_transferred"]}, {"url": "https://github.com/brave/brave-core/pull/14313", "tags": ["x_transferred"]}, {"url": "https://hackerone.com/reports/1646204", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-15T13:34:12.560823Z", "id": "CVE-2022-47934", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T13:34:56.137Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-47934", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-04-15T13:34:56.137Z", "dateReserved": "2022-12-23T00:00:00.000Z", "datePublished": "2022-12-24T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-24T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/brave/brave-core/commit/82d8e39043e691e0492519126437275511ee87e8"}, {"url": "https://github.com/brave/brave-browser/issues/24211"}, {"url": "https://github.com/brave/brave-browser/issues/25106"}, {"url": "https://github.com/brave/brave-core/pull/14313"}, {"url": "https://hackerone.com/reports/1646204"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:02:36.648Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/brave/brave-core/commit/82d8e39043e691e0492519126437275511ee87e8", "tags": ["x_transferred"]}, {"url": "https://github.com/brave/brave-browser/issues/24211", "tags": ["x_transferred"]}, {"url": "https://github.com/brave/brave-browser/issues/25106", "tags": ["x_transferred"]}, {"url": "https://github.com/brave/brave-core/pull/14313", "tags": ["x_transferred"]}, {"url": "https://hackerone.com/reports/1646204", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-47934", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-15T13:34:12.560823Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T13:34:51.433Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:brave:brave:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA16050C-86A5-4AA7-AE82-8815BC92E596", "versionEndExcluding": "1.43.88", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934."}, {"lang": "es", "value": "Brave Browser anterior a 1.43.88 permit\u00eda a un atacante remoto provocar una Denegaci\u00f3n de Servicio (DoS) en ventanas privadas e invitadas a trav\u00e9s de un archivo HTML manipulado que menciona una URL ipfs:// o ipns://. Esto se debe a una soluci\u00f3n incompleta para CVE-2022-47932 y CVE-2022-47934."}], "id": "CVE-2022-47934", "lastModified": "2025-04-15T14:15:39.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-24T22:15:09.420", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/brave/brave-browser/issues/24211"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Release Notes", "Third Party Advisory"], "url": "https://github.com/brave/brave-browser/issues/25106"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/brave/brave-core/commit/82d8e39043e691e0492519126437275511ee87e8"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/brave/brave-core/pull/14313"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/1646204"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/brave/brave-browser/issues/24211"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Release Notes", "Third Party Advisory"], "url": "https://github.com/brave/brave-browser/issues/25106"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/brave/brave-core/commit/82d8e39043e691e0492519126437275511ee87e8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/brave/brave-core/pull/14313"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/1646204"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}