Описание
A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
Отчет
This issue only affects Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2, which introduced this regression via the following errata: https://access.redhat.com/errata/RHSA-2023:2834 (Red Hat Enterprise Linux 8.8) https://access.redhat.com/errata/RHSA-2023:2256 (Red Hat Enterprise Linux 9.2) These errata provided updates for WebKitGTK packages, but did not include fixes for CVE-2023-28205. A user who installs or updates to Red Hat Enterprise Linux 8.8 or Red Hat Enterprise Linux 9.2 would be vulnerable to the CVE-2023-28205, even if they were properly fixed in Red Hat Enterprise Linux 8.7 and Red Hat Enterprise Linux 9.1. The CVE-2023-2203 was assigned to that Red Hat specific security regression and it is not applicable to any upstream WebKitGTK version or WebKitGTK packages of any other vendor that are not directly based on Red Hat Enterprise Linux packages. For more details about the original security issue CVE-2023-28205, refer to the CVE page: https://access.redhat.com/security/cve/CVE-2023-28205.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | webkitgtk | Not affected | ||
| Red Hat Enterprise Linux 7 | webkitgtk3 | Not affected | ||
| Red Hat Enterprise Linux 7 | webkitgtk4 | Not affected | ||
| Red Hat Enterprise Linux 8 | webkit2gtk3 | Fixed | RHSA-2023:3108 | 16.05.2023 |
| Red Hat Enterprise Linux 9 | webkit2gtk3 | Fixed | RHSA-2023:2653 | 09.05.2023 |
Показывать по
Дополнительная информация
Статус:
8.8 High
CVSS3
Связанные уязвимости
A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
A flaw was found in the WebKitGTK package. An improper input validatio ...
A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
8.8 High
CVSS3