Vonages WebRTC native library in Vonage products. WebRTC is a free, open project that provides browsers and mobile applications with Real-Time Communications capabilities via simple APIs.
Path to dependency file: /Basic-Video-Chat/Podfile.lock
Path to vulnerable library: /Basic-Video-Chat/Podfile.lock,/Custom-Audio-Driver/Podfile.lock,/Custom-Audio-Driver/Podfile.lock,/Basic-Video-Chat-Metal/Podfile.lock,/Custom-Video-Capturer/Podfile.lock,/Screen-Sharing/Podfile.lock,/Screen-Sharing/Podfile.lock,/Custom-Video-Capturer/Podfile.lock,/Basic-Video-Chat-Metal/Podfile.lock,/Basic-Video-Chat/Podfile.lock,/Simple-Multiparty/Podfile.lock,/Simple-Multiparty/Podfile.lock
Vonages WebRTC native library in Vonage products. WebRTC is a free, open project that provides browsers and mobile applications with Real-Time Communications capabilities via simple APIs.
Path to dependency file: /Basic-Video-Chat/Podfile.lock
Path to vulnerable library: /Basic-Video-Chat/Podfile.lock,/Custom-Audio-Driver/Podfile.lock,/Custom-Audio-Driver/Podfile.lock,/Basic-Video-Chat-Metal/Podfile.lock,/Custom-Video-Capturer/Podfile.lock,/Screen-Sharing/Podfile.lock,/Screen-Sharing/Podfile.lock,/Custom-Video-Capturer/Podfile.lock,/Basic-Video-Chat-Metal/Podfile.lock,/Basic-Video-Chat/Podfile.lock,/Simple-Multiparty/Podfile.lock,/Simple-Multiparty/Podfile.lock
Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Vulnerable Library - VonageWebRTC-99.2.39
Vonages WebRTC native library in Vonage products. WebRTC is a free, open project that provides browsers and mobile applications with Real-Time Communications capabilities via simple APIs.
Library home page: https://d3opqjmqzxf057.cloudfront.net/vonage-webrtc/pod/vonagewebrtc/release/99.2.39/VonageWebRTC-99.2.39.zip
Path to dependency file: /Basic-Video-Chat/Podfile.lock
Path to vulnerable library: /Basic-Video-Chat/Podfile.lock,/Custom-Audio-Driver/Podfile.lock,/Custom-Audio-Driver/Podfile.lock,/Basic-Video-Chat-Metal/Podfile.lock,/Custom-Video-Capturer/Podfile.lock,/Screen-Sharing/Podfile.lock,/Screen-Sharing/Podfile.lock,/Custom-Video-Capturer/Podfile.lock,/Basic-Video-Chat-Metal/Podfile.lock,/Basic-Video-Chat/Podfile.lock,/Simple-Multiparty/Podfile.lock,/Simple-Multiparty/Podfile.lock
Found in HEAD commit: 2e96e1e71ef954a9b7b240379b744c36283fe62b
Vulnerabilities
Details
CVE-2023-0705
### Vulnerable Library - VonageWebRTC-99.2.39Vonages WebRTC native library in Vonage products. WebRTC is a free, open project that provides browsers and mobile applications with Real-Time Communications capabilities via simple APIs.
Library home page: https://d3opqjmqzxf057.cloudfront.net/vonage-webrtc/pod/vonagewebrtc/release/99.2.39/VonageWebRTC-99.2.39.zip
Path to dependency file: /Basic-Video-Chat/Podfile.lock
Path to vulnerable library: /Basic-Video-Chat/Podfile.lock,/Custom-Audio-Driver/Podfile.lock,/Custom-Audio-Driver/Podfile.lock,/Basic-Video-Chat-Metal/Podfile.lock,/Custom-Video-Capturer/Podfile.lock,/Screen-Sharing/Podfile.lock,/Screen-Sharing/Podfile.lock,/Custom-Video-Capturer/Podfile.lock,/Basic-Video-Chat-Metal/Podfile.lock,/Basic-Video-Chat/Podfile.lock,/Simple-Multiparty/Podfile.lock,/Simple-Multiparty/Podfile.lock
Dependency Hierarchy: - :x: **VonageWebRTC-99.2.39** (Vulnerable Library)
Found in HEAD commit: 2e96e1e71ef954a9b7b240379b744c36283fe62b
Found in base branch: main
### Vulnerability DetailsInteger overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Publish Date: 2023-02-07
URL: CVE-2023-0705
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2023-02-07
Fix Resolution: 110.0.5421.0