CVE-2022-2294 — WebRTC Heap Buffer Overflow Vulnerability
2022-08-25 • CISA Known Exploited Vulnerability
[event] WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | WebRTC |
| Product | WebRTC |
| CWE | CWE-122 |
| CVE ID | CVE-2022-2294 |
| Date Added | 2022-08-25 |
| Due Date | 2022-09-15 |
| Ransomware Campaign | Known — this vulnerability has been leveraged in ransomware campaigns |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-09-15