Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-42856

Опубликовано: 14 дек. 2022
Источник: redhat
CVSS3: 8.8

Описание

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..

A vulnerability was found in webkitgtk, where a type confusion issue was addressed with improved memory handling. By this security flaw processing maliciously crafted web content may lead to arbitrary code execution.

Отчет

Red Hat is not aware of any exploitation of this flaw in Linux platforms at this time.

Меры по смягчению последствий

Setting the environment variable JSC_useFTLJIT=0 will disable the vulnerable code. (This will also somewhat slow down JavaScript execution.)

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6webkitgtkWill not fix
Red Hat Enterprise Linux 7webkitgtk3Will not fix
Red Hat Enterprise Linux 7 Extended Lifecycle Supportwebkitgtk4FixedRHSA-2025:1036407.07.2025
Red Hat Enterprise Linux 8webkit2gtk3FixedRHSA-2023:001604.01.2023
Red Hat Enterprise Linux 9webkit2gtk3FixedRHSA-2023:002104.01.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-843
https://bugzilla.redhat.com/show_bug.cgi?id=2153683webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution

8.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-42856

CVSS3: 8.8
ubuntu
больше 2 лет назад

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..

nvd логотип

CVE-2022-42856

CVSS3: 8.8
nvd
больше 2 лет назад

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..

debian логотип

CVE-2022-42856

CVSS3: 8.8
debian
больше 2 лет назад

A type confusion issue was addressed with improved state handling. Thi ...

suse-cvrf логотип

SUSE-SU-2022:4634-1

suse-cvrf
больше 2 лет назад

Security update for webkit2gtk3

rocky логотип

RLSA-2023:0021

rocky
больше 2 лет назад

Important: webkit2gtk3 security update

8.8 High

CVSS3