Description
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| chromium | fixed | 103.0.5060.114-1 | | package |
| chromium | end-of-life | | buster | package |
| chromium | end-of-life | | stretch | package |
| webkit2gtk | fixed | 2.36.6-1 | | package |
| webkit2gtk | fixed | 2.36.6-1~deb11u1 | bullseye | package |
| webkit2gtk | fixed | 2.36.6-1~deb10u1 | buster | package |
| wpewebkit | fixed | 2.36.6-1 | | package |
| wpewebkit | fixed | 2.36.6-1~deb11u1 | bullseye | package |
Notes
https://www.openwall.com/lists/oss-security/2022/07/28/2
Debian WebKitGTK and WPE WebKit binary packages are built without LibWebRTC
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-2294.html
Related vulnerabilities
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Vulnerability in the WebRTC implementation of the Google Chrome browser that allows an attacker to execute arbitrary code