2023's Most Easily Exploitable, Critical CVEs

Are you aware of some of the easiest-to-exploit, critical CVEs from 2023? Well, you should be, because these five vulnerabilities are not only easy to remediate but also have PoC somewhere. Ignoring these vulnerabilities is simply not an option.
2023's Most Easily Exploitable, Critical CVEs
Vicki Kovacs
October 19, 2023
Share this post

CVE-2023–4863 – Heap-Based Buffer Overflow in WebP

Description: A critical CVE that allows remote attackers to trigger a heap buffer overflow during WebP image decoding.

Affected versions: All versions of the WebP Codec library (libwebp) from 0.5.0 to 1.3.2 are affected.

Severity: Critical

Type: Heap Buffer Overflow

Impact: Denial-of-Service (potentially can lead to RCE)

PoC: Yes

Exploit in the wild: Yes

CISA catalog: Yes

Remediation action: Update libwebp version to  1.3.2 or later

MITRE advisory: Read Here

Affected 3rd party products: 1Password, Brave, Chrome, Edge, Electron, Firefox, Honeyview, Obsidian, Opera, Signal, Telegram, Thunderbird, Tor Browser, Vivaldi

CVE-2023-5217: Heap-Based Buffer Overflow in libvpx

Description: CVE-2023-5217 is a significant cybersecurity vulnerability affecting the libvpx video codec library, utilized by various web browsers, including Chrome, Firefox, and Firefox Focus for Android. This CVE, identified as a heap-based buffer overflow, allows potential attackers to remotely execute arbitrary code via crafted web content, posing a high risk to users and necessitating prompt security updates.

Affected versions: All libvpx Codec library versions before 1.13.1 are affected.

Product category: Third-Party Software

Severity: High

Type: Heap Buffer Overflow

Impact: Remote Code Execution (RCE)

PoC: Yes

Exploit in the wild: Yes

CISA catalog: Yes

Remediation action: Update libvpx version to  1.13.1 or later

MITRE advisory: Read Here

Affected 3rd party products: Chrome, Firefox


CVE-2023-38545 - High-Severity Vulnerability in cUrl and libcurl

Description: A heap overflow CVE that can be exploited for remote code execution (RCE). It occurs during the SOCKS5 proxy handshake when an excessively long, attacker-controlled hostname is copied into a small local heap-based buffer.

Affected versions: cUrl and libcurl from 7.69.0 up to and including 8.3.0.

Severity: High

Type: Heap-based buffer overflow

Impact: Memory Corruption, DoS, RCE

PoC: Yes

Exploit in the wild: Potential

CISA catalog: No

Remediation action: Update libcurl version to 8.4.0 or later

MITRE advisory: Read here



CVE-2023-38408 - OpenSSH RCE

Description: A critical remote code execution CVE in OpenSSH's forwarded ssh-agent, allowing potential attackers to execute arbitrary commands on the affected system.

Affected versions: All versions of OpenSSH prior to 9.3p2

Severity: Critical

Type: Heap-based buffer overflow

Impact: Remote Code Execution (RCE)

PoC: Yes

Exploit in the wild: NO

CISA catalog: Yes

Remediation action: Update OpenSSH version to 9.3p2 or later

MITRE advisory: Read Here



CVE-2023-27524: Authentication Bypass in Apache Superset

Description: A critical CVE resulting from an insecure default configuration, potentially enabling unauthorized access and remote code execution.

Affected versions: Apache Superset, versions up to and including 2.0.1

Severity: Critical

Type: Insecure default configuration

Impact: Remote Code Execution (RCE)

PoC: Yes

Exploit in the wild: No

CISA catalog: No

Remediation action: Update Apache Superset version to 2.1.0 or later. Additionally, review system configurations to ensure security and change the SECRET_KEY to a cryptographically secure random string.

MITRE advisory: Read here


What's Next?

The blog has unveiled five remediable yet potentially exploited CVEs of 2023. To safeguard your code and cloud infra effectively, it's crucial to address these vulnerabilities promptly.


DevOcean, a Gartner Cool Vendor™, offers a Cloud-First Remediation OS that eliminates the manual efforts traditionally associated with tackling CVEs. It's akin to having a 24/7 automated remediation advisor for each of your development and security teams.


Request a Demo today and see how DevOcean consolidates and prioritizes findings, identifies root causes, and recommends efficient remediation paths across cloud and code.




Efficiency ahead.

We take the manual work out of cloud remediation so you can accomplish more.