CVE-2023-25752

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-25752

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25752.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-25752

Downstream

DLA-3364-1

DLA-3365-1

DSA-5374-1

DSA-5375-1

OESA-2023-1673

OESA-2023-1674

RHSA-2023:1333

RHSA-2023:1336

RHSA-2023:1337

RHSA-2023:1364

RHSA-2023:1367

RHSA-2023:1401

RHSA-2023:1402

RHSA-2023:1403

RHSA-2023:1404

RHSA-2023:1407

RHSA-2023:1442

RHSA-2023:1443

RHSA-2023:1444

RHSA-2023:1445

RHSA-2023:1472

RHSA-2023:1479

SUSE-SU-2023:0728-1

SUSE-SU-2023:0763-1

SUSE-SU-2023:0835-1

SUSE-SU-2023:1736-1

UBUNTU-CVE-2023-25752

USN-5954-1

USN-5972-1

openSUSE-SU-2024:12786-1

openSUSE-SU-2024:12791-1

openSUSE-SU-2024:12839-1

openSUSE-SU-2024:14572-1

Related

Published

2023-06-02T17:15:11Z

Modified

2025-08-09T19:01:28Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

References

Affected packages