Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-22620

Опубликовано: 17 фев. 2022
Источник: redhat
CVSS3: 8.8
EPSS Низкий

Описание

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

A use-after-free vulnerability was found in WebKitGTK. The vulnerability occurs when processing HTML content in WebKit. This flaw allows a remote attacker to trick the victim into opening a specially crafted web page, triggering a use-after-free error and leading to the execution of arbitrary code on the system.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 9webkit2gtk3Not affected
Red Hat Enterprise Linux 7 Extended Lifecycle Supportwebkitgtk4FixedRHSA-2025:1036407.07.2025
Red Hat Enterprise Linux 8webkit2gtk3FixedRHSA-2022:177710.05.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2056474webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free

EPSS

Процентиль: 88%
0.03877
Низкий

8.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-22620

CVSS3: 8.8
ubuntu
больше 3 лет назад

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

nvd логотип

CVE-2022-22620

CVSS3: 8.8
nvd
больше 3 лет назад

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

debian логотип

CVE-2022-22620

CVSS3: 8.8
debian
больше 3 лет назад

A use after free issue was addressed with improved memory management. ...

suse-cvrf логотип

SUSE-SU-2022:0811-1

suse-cvrf
больше 3 лет назад

Security update for webkit2gtk3

github логотип

GHSA-2886-x646-53fj

CVSS3: 8.8
github
больше 3 лет назад

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

EPSS

Процентиль: 88%
0.03877
Низкий

8.8 High

CVSS3