N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-j646-gj5p-p45g

EPSS Score

CWE

Published

9/21/2023

Updated

10/2/2023

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-j646-gj5p-p45g

GHSA-j646-gj5p-p45g: CefSharp affected by heap buffer overflow in WebP

Google is aware that an exploit for CVE-2023-4863 exists in the wild.

Description

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

References

https://www.cve.org/CVERecord?id=CVE-2023-4863
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
https://www.techtarget.com/searchsecurity/news/366551978/Browser-companies-patch-critical-zero-day-vulnerability

Updated

There is another related security vulnerability.

There's another related CVE (CVE-2023-5217) that is fixed in Chromium 117.0.5938.132. This one is triggered by WebCodecs API encoder usage, so a workaround for older versions is to disable the WebCodecs API (--disable-blink-features=WebCodecs).

As per https://magpcss.org/ceforum/viewtopic.php?f=6&t=19551#p54150

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-j646-gj5p-p45g

GHSA-j646-gj5p-p45g:

N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-j646-gj5p-p45g

EPSS Score

CWE

Published

9/21/2023

Updated

10/2/2023

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
CefSharp.Common	nuget	< 116.0.230	116.0.230
CefSharp.Common.NETCore	nuget	< 116.0.230	116.0.230

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability (CVE-2023-4863) resides in the Chromium WebP decoding implementation, which is part of the native code in the Chromium Embedded Framework (CEF) that CefSharp wraps. The provided commit diff and advisory information only show updates to CEF/Chromium dependencies (from 116.0.19 to 116.0.23) to include the patched version of Chromium. The actual vulnerable functions (e.g., WebP parsing logic in libwebp) are in Chromium's native code, not in the CefSharp .NET codebase itself. Since the question asks for functions 'present in the system' (CefSharp), and the vulnerability is in the underlying native library, no C#-level functions in the CefSharp packages are directly implicated. The fix involves updating the CEF dependency, not modifying CefSharp's managed code.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-j646-gj5p-p45g: CefSharp affected by heap buffer overflow in WebP

Description

References

GHSA-j646-gj5p-p45g:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

GHSA-j646-gj5p-p45g: CefSharp affected by heap buffer overflow in WebP

Description

References

N/A

N/A

Basic Information

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI