CVE-2023-4577

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-4577

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4577.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-4577

Downstream

DEBIAN-CVE-2023-4577

OESA-2025-1265

OESA-2025-1268

RHSA-2023:4945

RHSA-2023:4946

RHSA-2023:4947

RHSA-2023:4948

RHSA-2023:4949

RHSA-2023:4950

RHSA-2023:4951

RHSA-2023:4952

RHSA-2023:4954

RHSA-2023:4955

RHSA-2023:4956

RHSA-2023:4957

RHSA-2023:4958

RHSA-2023:4959

RHSA-2023:5019

RLSA-2023:4952

RLSA-2023:4954

SUSE-SU-2023:3519-1

SUSE-SU-2023:3559-1

SUSE-SU-2023:3562-1

SUSE-SU-2023:3664-1

UBUNTU-CVE-2023-4577

USN-6320-1

USN-6405-1

openSUSE-SU-2024:13176-1

openSUSE-SU-2024:13197-1

openSUSE-SU-2024:13202-1

openSUSE-SU-2024:14572-1

Related

Withdrawn

2026-01-27T04:20:03.775018Z

Published

2023-09-11T09:15:09Z

Modified

2026-01-27T04:20:03.775018Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

References

Affected packages