Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-23529

Опубликовано: 13 фев. 2023
Источник: redhat
CVSS3: 8.8
EPSS Низкий

Описание

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may, in theory, allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system.

Отчет

Red Hat is not aware of any exploitation of this flaw in Linux platforms at this time.

Меры по смягчению последствий

Setting the environment variable JSC_useDFGJIT=0 will mitigate this issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6webkitgtkWill not fix
Red Hat Enterprise Linux 7webkitgtk3Will not fix
Red Hat Enterprise Linux 7 Extended Lifecycle Supportwebkitgtk4FixedRHSA-2025:1036407.07.2025
Red Hat Enterprise Linux 8webkit2gtk3FixedRHSA-2023:090222.02.2023
Red Hat Enterprise Linux 9webkit2gtk3FixedRHSA-2023:090322.02.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=2169934webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution

EPSS

Процентиль: 19%
0.0006
Низкий

8.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-23529

CVSS3: 8.8
ubuntu
больше 2 лет назад

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

nvd логотип

CVE-2023-23529

CVSS3: 8.8
nvd
больше 2 лет назад

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

debian логотип

CVE-2023-23529

CVSS3: 8.8
debian
больше 2 лет назад

A type confusion issue was addressed with improved checks. This issue ...

rocky логотип

RLSA-2023:0903

rocky
больше 2 лет назад

Important: webkit2gtk3 security update

rocky логотип

RLSA-2023:0902

rocky
больше 2 лет назад

Important: webkit2gtk3 security update

EPSS

Процентиль: 19%
0.0006
Низкий

8.8 High

CVSS3