Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-32893

Опубликовано: 25 авг. 2022
Источник: redhat
CVSS3: 8.8
EPSS Низкий

Описание

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

A flaw was found in webkitgtk. The vulnerability occurs due to improper input validation, leading to an out-of-bounds write. This flaw allows an attacker with network access to pass specially crafted web content files, causing arbitrary code execution.

Отчет

Since Red Hat Enterprise Linux 6 and 7 are Out-of-Support-Scope for Low/Moderate flaws, the issue is not currently planned to be addressed in future updates for RHEL-6,7. Only Important and Critical severity flaws will be addressed at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6webkitgtkOut of support scope
Red Hat Enterprise Linux 7webkitgtk3Out of support scope
Red Hat Enterprise Linux 7 Extended Lifecycle Supportwebkitgtk4FixedRHSA-2025:1036407.07.2025
Red Hat Enterprise Linux 8webkit2gtk3FixedRHSA-2022:654015.09.2022
Red Hat Enterprise Linux 9webkit2gtk3FixedRHSA-2022:663420.09.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20->CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2121645webkitgtk: processing maliciously crafted web content may lead to arbitrary code execution

EPSS

Процентиль: 35%
0.00145
Низкий

8.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-32893

CVSS3: 8.8
ubuntu
почти 3 года назад

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

nvd логотип

CVE-2022-32893

CVSS3: 8.8
nvd
почти 3 года назад

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

debian логотип

CVE-2022-32893

CVSS3: 8.8
debian
почти 3 года назад

An out-of-bounds write issue was addressed with improved bounds checki ...

suse-cvrf логотип

SUSE-SU-2022:3352-1

suse-cvrf
почти 3 года назад

Security update for webkit2gtk3

suse-cvrf логотип

SUSE-SU-2022:3351-1

suse-cvrf
почти 3 года назад

Security update for webkit2gtk3

EPSS

Процентиль: 35%
0.00145
Низкий

8.8 High

CVSS3