What is CVE-2023-2137?

CVE-2023-2137 is a heap buffer overflow vulnerability in sqlite in Google Chrome and Microsoft Edge.

What is the severity of CVE-2023-2137?

The severity of CVE-2023-2137 is High, with a CVSS score of 8.8.

How does CVE-2023-2137 impact users?

CVE-2023-2137 allows a remote attacker to potentially exploit heap corruption via a crafted HTML page, which could lead to remote code execution or denial of service.

What software is affected by CVE-2023-2137?

Microsoft Edge (Chromium-based), Microsoft Edge (version 112.0.1722.58), Google Chrome (up to version 112.0.5615.137), Debian Linux (version 11.0), Fedora (versions 36, 37, 38), and Chromium (version up to 90.0.4430.212-1~deb10u1) are affected by CVE-2023-2137.

How can I fix CVE-2023-2137?

To fix CVE-2023-2137, users should update their affected software to the latest versions provided by the respective vendors or distributions.

Vulnerability/
CVE-2023-2137

high

8.8

CWE

119 89 787 122

5/4/2023

19/4/2023

28/10/2024

CVE-2023-2137: Heap buffer overflow in sqlite

First published: Wed Apr 05 2023(Updated: )

<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>

Credit: chrome-cve-admin@google.com chrome-cve-admin@google.com Nan Wang @eternalsakura13 360 Vulnerability Research InstituteGuang Gong 360 Vulnerability Research Institute

Affected Software	Affected Version	How to fix
	<112.0.5615.137	112.0.5615.137
Google Chrome	<112.0.5615.137
Debian Debian Linux	=11.0
Fedoraproject Fedora	=36
Fedoraproject Fedora	=37
Fedoraproject Fedora	=38
Microsoft Edge (Chromium-based)		fix available externally
Microsoft Edge	<112.0.1722.58
debian/chromium	<=90.0.4430.212-1~deb10u1	116.0.5845.180-1~deb11u1 119.0.6045.123-1~deb11u1 116.0.5845.180-1~deb12u1 119.0.6045.123-1~deb12u1 119.0.6045.105-1 119.0.6045.123-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

2950018165594373010

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2023-2137?
CVE-2023-2137 is a heap buffer overflow vulnerability in sqlite in Google Chrome and Microsoft Edge.
What is the severity of CVE-2023-2137?
The severity of CVE-2023-2137 is High, with a CVSS score of 8.8.
How does CVE-2023-2137 impact users?
CVE-2023-2137 allows a remote attacker to potentially exploit heap corruption via a crafted HTML page, which could lead to remote code execution or denial of service.
What software is affected by CVE-2023-2137?
Microsoft Edge (Chromium-based), Microsoft Edge (version 112.0.1722.58), Google Chrome (up to version 112.0.5615.137), Debian Linux (version 11.0), Fedora (versions 36, 37, 38), and Chromium (version up to 90.0.4430.212-1~deb10u1) are affected by CVE-2023-2137.
How can I fix CVE-2023-2137?
To fix CVE-2023-2137, users should update their affected software to the latest versions provided by the respective vendors or distributions.

collector/msrc-cve
collector/msrc
collector/security-tracker-debian
agent/author
agent/type
agent/first-publish-date
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
agent/title
agent/severity
agent/references
collector/chrome-releases
agent/software-canonical-lookup
agent/description
agent/weakness
agent/tags
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-api
source/NVD
vendor/microsoft
canonical/microsoft edge
package-manager/debian
vendor/google
canonical/google chrome
vendor/debian
canonical/debian debian linux
version/debian debian linux/11.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/36
version/fedoraproject fedora/37
version/fedoraproject fedora/38
canonical/microsoft edge (chromium-based)