CVE-2022-47934
MEDIUMBrave < 1.43.88 - Denial of Service via ipfs:// or ipns:// URL Handling
Title source: llmDescription
Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934.
References (5)
Core 5
Core References
Exploit, Issue Tracking, Third Party Advisory
https://github.com/brave/brave-browser/issues/24211
Issue Tracking, Release Notes, Third Party Advisory
https://github.com/brave/brave-browser/issues/25106
Patch, Third Party Advisory
https://github.com/brave/brave-core/commit/82d8e39043e691e0492519126437275511ee87e8
Patch, Third Party Advisory
https://github.com/brave/brave-core/pull/14313
Permissions Required, Third Party Advisory
https://hackerone.com/reports/1646204
Scores
CVSS v3
6.5
EPSS
0.0103
EPSS Percentile
59.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-400
Status
published
Products (1)
brave/brave
< 1.43.88
Published
Dec 24, 2022
Tracked Since
Feb 18, 2026