Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-1000121

Опубликовано: 01 нояб. 2017
Источник: debian

Описание

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
webkit2gtkfixed2.16.3-2package

Примечания

  • https://webkitgtk.org/security/WSA-2017-0007.html

  • Not covered by security support

Связанные уязвимости

ubuntu логотип

CVE-2017-1000121

CVSS3: 9.8
ubuntu
больше 8 лет назад

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products.

nvd логотип

CVE-2017-1000121

CVSS3: 9.8
nvd
больше 8 лет назад

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products.

github логотип

GHSA-rv46-gc6r-8ffx

CVSS3: 9.8
github
больше 3 лет назад

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products.

fstec логотип

BDU:2018-00197

CVSS3: 9.8
fstec
больше 8 лет назад

Уязвимость функции IPC::Connection::processMessage UNIX IPC ядра отображения веб-страниц WebKitGTK+, позволяющая нарушителю вызвать переполнение буфера