CVE-2023-28205

Опубликовано: 07 апр. 2023

Источник: redhat

CVSS3: 8.8

EPSS Низкий

Описание

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

A flaw was found in the webkitgtk package. An improper input validation issue may lead to a use-after-free vulnerability. This vulnerability allows attackers with network access to pass specially crafted web content files, causing Denial of Service or Arbitrary Code Execution.

Отчет

Red Hat is not aware of any exploitation of this flaw in Linux platforms at this time.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	webkitgtk	Out of support scope
Red Hat Enterprise Linux 7	webkitgtk3	Affected
Red Hat Enterprise Linux 7 Extended Lifecycle Support	webkitgtk4	Fixed	RHSA-2025:10364	07.07.2025
Red Hat Enterprise Linux 8	webkit2gtk3	Fixed	RHSA-2023:1919	20.04.2023
Red Hat Enterprise Linux 9	webkit2gtk3	Fixed	RHSA-2023:1918	20.04.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=2185724WebKitGTK: use-after-free leads to arbitrary code execution

EPSS

Процентиль: 17%

0.00055

Низкий

8.8 High

CVSS3

Связанные уязвимости

CVE-2023-28205

CVSS3: 8.8

ubuntu

больше 2 лет назад

CVE-2023-28205

CVSS3: 8.8

nvd

больше 2 лет назад

CVE-2023-28205

CVSS3: 8.8

debian

больше 2 лет назад

A use after free issue was addressed with improved memory management. ...

RLSA-2023:1919

rocky

больше 2 лет назад

Important: webkit2gtk3 security update

RLSA-2023:1918

rocky

больше 2 лет назад

Important: webkit2gtk3 security update

EPSS

Процентиль: 17%

0.00055

Низкий

8.8 High

CVSS3