// For flags

CVE-2023-29199

vm2 Sandbox escape vulnerability

Severity Score

10.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.16` of `vm2`.

A flaw was found in the vm2 sandbox. When exception handling is triggered, the sanitization logic is not managed with proper exception handling. This issue may allow an attacker to bypass the sandbox protections which can lead to remote code execution on the hypervisor host or the host which is running the sandbox.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-04-03 CVE Reserved
  • 2023-04-14 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-08-02 First Exploit
  • 2024-11-19 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-755: Improper Handling of Exceptional Conditions
  • CWE-913: Improper Control of Dynamically-Managed Code Resources
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vm2 Project
Search vendor "Vm2 Project"
Vm2
Search vendor "Vm2 Project" for product "Vm2"
< 3.9.16
Search vendor "Vm2 Project" for product "Vm2" and version " < 3.9.16"
node.js
Affected