Описание
Уязвимость функции WebCore::TextureMapperLayer::setContentsLayer (WebCore/platform/graphics/texmap/TextureMapperLayer.cpp) модулей отображения веб-страниц WebKitGTK и WPE WebKit связана с записью за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код или вызвать отказ в обслуживании
Вендор
Novell Inc.
Сообщество свободного программного обеспечения
ООО «РусБИТех-Астра»
Наименование ПО
SUSE Linux Enterprise Server for SAP Applications
Suse Linux Enterprise Server
SUSE OpenStack Cloud
SUSE Linux Enterprise Software Development Kit
Debian GNU/Linux
SUSE Enterprise Storage
HPE Helion Openstack
SUSE Linux Enterprise High Performance Computing
SUSE CaaS Platform
SUSE Linux Enterprise Module for Basesystem
SUSE Linux Enterprise Module for Desktop Applications
OpenSUSE Leap
Astra Linux Special Edition
SUSE Manager Proxy
SUSE Manager Server
Suse Linux Enterprise Desktop
SUSE Manager Retail Branch Server
WebKitGTK
WPE WebKit
SUSE Linux Enterprise Module for Development Tools
Версия ПО
12 SP3 (SUSE Linux Enterprise Server for SAP Applications)
12 SP4 (SUSE Linux Enterprise Server for SAP Applications)
12 SP2-BCL (Suse Linux Enterprise Server)
15 (SUSE Linux Enterprise Server for SAP Applications)
15 SP1 (SUSE Linux Enterprise Server for SAP Applications)
12 SP3-LTSS (Suse Linux Enterprise Server)
8 (SUSE OpenStack Cloud)
12 SP3-BCL (Suse Linux Enterprise Server)
12 SP5 (Suse Linux Enterprise Server)
12 SP5 (SUSE Linux Enterprise Server for SAP Applications)
12 SP5 (SUSE Linux Enterprise Software Development Kit)
Crowbar 8 (SUSE OpenStack Cloud)
10 (Debian GNU/Linux)
6 (SUSE Enterprise Storage)
8 (HPE Helion Openstack)
12 SP3-ESPOS (Suse Linux Enterprise Server)
9 (SUSE OpenStack Cloud)
15-ESPOS (SUSE Linux Enterprise High Performance Computing)
15-LTSS (SUSE Linux Enterprise High Performance Computing)
15-LTSS (Suse Linux Enterprise Server)
Crowbar 9 (SUSE OpenStack Cloud)
12 SP4-ESPOS (Suse Linux Enterprise Server)
4.0 (SUSE CaaS Platform)
12 SP4-LTSS (Suse Linux Enterprise Server)
15 SP1-BCL (Suse Linux Enterprise Server)
15 SP1-LTSS (Suse Linux Enterprise Server)
15 SP1-LTSS (SUSE Linux Enterprise High Performance Computing)
15 SP1-ESPOS (SUSE Linux Enterprise High Performance Computing)
15 SP3 (SUSE Linux Enterprise Module for Basesystem)
15 SP3 (SUSE Linux Enterprise Module for Desktop Applications)
15.3 (OpenSUSE Leap)
11 (Debian GNU/Linux)
1.7 (Astra Linux Special Edition)
15.4 (OpenSUSE Leap)
15 SP3 (SUSE Linux Enterprise High Performance Computing)
15 SP3 (Suse Linux Enterprise Server)
15 SP3 (SUSE Linux Enterprise Server for SAP Applications)
4.2 (SUSE Manager Proxy)
4.2 (SUSE Manager Server)
15 SP3 (Suse Linux Enterprise Desktop)
7 (SUSE Enterprise Storage)
15 SP2 (SUSE Linux Enterprise Server for SAP Applications)
4.1 (SUSE Manager Server)
4.1 (SUSE Manager Proxy)
15 SP2-ESPOS (SUSE Linux Enterprise High Performance Computing)
15 SP2-LTSS (SUSE Linux Enterprise High Performance Computing)
4.1 (SUSE Manager Retail Branch Server)
15 SP4 (Suse Linux Enterprise Server)
15 SP4 (Suse Linux Enterprise Desktop)
15 SP2-BCL (Suse Linux Enterprise Server)
15 SP4 (SUSE Linux Enterprise Server for SAP Applications)
4.2 (SUSE Manager Retail Branch Server)
15 SP2-LTSS (Suse Linux Enterprise Server)
4.3 (SUSE Manager Retail Branch Server)
4.3 (SUSE Manager Proxy)
4.3 (SUSE Manager Server)
15 SP4 (SUSE Linux Enterprise High Performance Computing)
7.1 (SUSE Enterprise Storage)
до 2.36.1 (WebKitGTK)
до 2.36.1 (WPE WebKit)
15 SP4 (SUSE Linux Enterprise Module for Basesystem)
15 SP4 (SUSE Linux Enterprise Module for Desktop Applications)
15 SP4 (SUSE Linux Enterprise Module for Development Tools)
4.7 (Astra Linux Special Edition)
Тип ПО
Операционная система
Прикладное ПО информационных систем
Сетевое средство
Операционные системы и аппаратные платформы
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4
Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP1
Novell Inc. Suse Linux Enterprise Server 12 SP3-LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP3-BCL
Novell Inc. Suse Linux Enterprise Server 12 SP5
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5
Сообщество свободного программного обеспечения Debian GNU/Linux 10
Novell Inc. Suse Linux Enterprise Server 12 SP3-ESPOS
Novell Inc. Suse Linux Enterprise Server 15-LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP4-ESPOS
Novell Inc. Suse Linux Enterprise Server 12 SP4-LTSS
Novell Inc. Suse Linux Enterprise Server 15 SP1-BCL
Novell Inc. Suse Linux Enterprise Server 15 SP1-LTSS
Novell Inc. OpenSUSE Leap 15.3
Сообщество свободного программного обеспечения Debian GNU/Linux 11
ООО «РусБИТех-Астра» Astra Linux Special Edition 1.7
Novell Inc. OpenSUSE Leap 15.4
Novell Inc. Suse Linux Enterprise Server 15 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3
Novell Inc. Suse Linux Enterprise Desktop 15 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2
Novell Inc. Suse Linux Enterprise Server 15 SP4
Novell Inc. Suse Linux Enterprise Desktop 15 SP4
Novell Inc. Suse Linux Enterprise Server 15 SP2-BCL
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4
Novell Inc. Suse Linux Enterprise Server 15 SP2-LTSS
ООО «РусБИТех-Астра» Astra Linux Special Edition 4.7
Уровень опасности уязвимости
Высокий уровень опасности (базовая оценка CVSS 2.0 составляет 7,6)
Высокий уровень опасности (базовая оценка CVSS 3.0 составляет 7,5)
Возможные меры по устранению уязвимости
Использование рекомендаций:
Для WebKitGTK и WPE WebKit:
https://webkitgtk.org/security/WSA-2022-0005.html
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2022-26719
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2022-30293.html
Для ОС Astra Linux:
использование рекомендаций производителя:
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47
Статус уязвимости
Подтверждена производителем
Наличие эксплойта
Существует в открытом доступе
Информация об устранении
Уязвимость устранена
Ссылки на источники
Идентификаторы других систем описаний уязвимостей
- CVE
EPSS
Процентиль: 38%
0.00164
Низкий
7.5 High
CVSS3
7.6 High
CVSS2
Связанные уязвимости
CVSS3: 7.5
ubuntu
около 3 лет назад
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
CVSS3: 7.5
redhat
около 3 лет назад
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
CVSS3: 7.5
nvd
около 3 лет назад
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
CVSS3: 7.5
debian
около 3 лет назад
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based bu ...
CVSS3: 7.5
github
около 3 лет назад
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
EPSS
Процентиль: 38%
0.00164
Низкий
7.5 High
CVSS3
7.6 High
CVSS2