Vulnerabilites related to webkitgtk - webkit2gtk3
Vulnerability from fkie_nvd
Published
2023-05-17 22:15
Modified
2025-01-22 20:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2023:2653 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2023:3108 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-2203 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2188543 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2023:2653 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2023:3108 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-2203 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2188543 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webkitgtk | webkit2gtk3 | 2.38.5-1.el8 | |
| webkitgtk | webkit2gtk3 | 2.38.5-1.el9 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | enterprise_linux_eus | 8.8 | |
| redhat | enterprise_linux_eus | 9.2 | |
| redhat | enterprise_linux_server_aus | 8.8 | |
| redhat | enterprise_linux_server_aus | 9.2 | |
| redhat | enterprise_linux_server_tus | 8.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webkitgtk:webkit2gtk3:2.38.5-1.el8:*:*:*:*:*:*:*", matchCriteriaId: "6BB73A61-D849-4CF2-964C-14D81547E142", vulnerable: true, }, { criteria: "cpe:2.3:a:webkitgtk:webkit2gtk3:2.38.5-1.el9:*:*:*:*:*:*:*", matchCriteriaId: "A43FB56A-1885-47D6-9126-A8531FCB44C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "0CD25A35-9C2B-4382-8720-4E39F928170B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "F1CA946D-1665-4874-9D41-C7D963DD1F56", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.", }, ], id: "CVE-2023-2203", lastModified: "2025-01-22T20:15:30.390", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-17T22:15:10.943", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:2653", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:3108", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-2203", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188543", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:2653", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:3108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-2203", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188543", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2023-2203
Vulnerability from cvelistv5
Published
2023-05-17 00:00
Modified
2025-01-22 19:41
Severity ?
EPSS score ?
Summary
A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:12:20.656Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188543", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-2203", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:3108", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:2653", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-2203", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-22T19:41:47.306054Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-22T19:41:51.118Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "WebKitGTK", vendor: "n/a", versions: [ { status: "affected", version: "Affects webkit2gtk3 v2.38.5-1.el8 and webkit2gtk3 v2.38.5-1.el9, Fixed in webkit2gtk3 v2.38.5-1.el8_8.3 and webkit2gtk3 v2.38.5-1.el9_2.1", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 - Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-17T00:00:00.000Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188543", }, { url: "https://access.redhat.com/security/cve/CVE-2023-2203", }, { url: "https://access.redhat.com/errata/RHSA-2023:3108", }, { url: "https://access.redhat.com/errata/RHSA-2023:2653", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-2203", datePublished: "2023-05-17T00:00:00.000Z", dateReserved: "2023-04-21T00:00:00.000Z", dateUpdated: "2025-01-22T19:41:51.118Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }