CVE-2023-29199
vm2 Sandbox escape vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.16` of `vm2`.
A flaw was found in the vm2 sandbox. When exception handling is triggered, the sanitization logic is not managed with proper exception handling. This issue may allow an attacker to bypass the sandbox protections which can lead to remote code execution on the hypervisor host or the host which is running the sandbox.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-04-03 CVE Reserved
- 2023-04-14 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-11-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-755: Improper Handling of Exceptional Conditions
- CWE-913: Improper Control of Dynamically-Managed Code Resources
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://github.com/patriksimek/vm2/releases/tag/3.9.16 | Release Notes |
URL | Date | SRC |
---|---|---|
https://gist.github.com/leesh3288/f05730165799bf56d70391f3d9ea187c | 2024-08-02 |
URL | Date | SRC |
---|---|---|
https://github.com/patriksimek/vm2/commit/24c724daa7c09f003e556d7cd1c7a8381cb985d7 | 2023-04-25 | |
https://github.com/patriksimek/vm2/issues/516 | 2023-04-25 |
URL | Date | SRC |
---|---|---|
https://github.com/patriksimek/vm2/security/advisories/GHSA-xj72-wvfv-8985 | 2023-04-25 | |
https://access.redhat.com/security/cve/CVE-2023-29199 | 2023-04-20 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2187409 | 2023-04-20 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Vm2 Project Search vendor "Vm2 Project" | Vm2 Search vendor "Vm2 Project" for product "Vm2" | < 3.9.16 Search vendor "Vm2 Project" for product "Vm2" and version " < 3.9.16" | node.js |
Affected
|