CVE-2024-38218

Published: Aug 12, 2024Modified: Jan 8, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Microsoft Edge (HTML-based) Memory Corruption Vulnerability

Affected (1)

Products: Microsoft: Edge Chromium

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Edge Chromium	Before 127.0.2651.98

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38218

Source: secure@microsoft.com

Vendor Advisory

Timeline

No history available yet.