Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2024-27820

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 25 сСнт. 2024
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: redhat
CVSS3: 8.8
EPSS Низкий

ОписаниС

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.

A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.

ΠžΡ‚Ρ‡Π΅Ρ‚

This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users' systems just by visiting compromised websites, posing significant risks like data theft and system compromise.

ΠœΠ΅Ρ€Ρ‹ ΠΏΠΎ ΡΠΌΡΠ³Ρ‡Π΅Π½ΠΈΡŽ послСдствий

Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp. This vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction. To mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface. Additionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.

Π—Π°Ρ‚Ρ€ΠΎΠ½ΡƒΡ‚Ρ‹Π΅ ΠΏΠ°ΠΊΠ΅Ρ‚Ρ‹

ΠŸΠ»Π°Ρ‚Ρ„ΠΎΡ€ΠΌΠ°ΠŸΠ°ΠΊΠ΅Ρ‚Π‘ΠΎΡΡ‚ΠΎΡΠ½ΠΈΠ΅Π Π΅ΠΊΠΎΠΌΠ΅Π½Π΄Π°Ρ†ΠΈΡΠ Π΅Π»ΠΈΠ·
Red Hat Enterprise Linux 6webkitgtkOut of support scope
Red Hat Enterprise Linux 7webkitgtk3Will not fix
Red Hat Enterprise Linux 7 Extended Lifecycle Supportwebkitgtk4FixedRHSA-2025:1036407.07.2025
Red Hat Enterprise Linux 8webkit2gtk3FixedRHSA-2024:963614.11.2024
Red Hat Enterprise Linux 8.2 Advanced Update Supportwebkit2gtk3FixedRHSA-2024:968014.11.2024
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Supportwebkit2gtk3FixedRHSA-2024:967914.11.2024
Red Hat Enterprise Linux 8.4 Telecommunications Update Servicewebkit2gtk3FixedRHSA-2024:967914.11.2024
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutionswebkit2gtk3FixedRHSA-2024:967914.11.2024
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Supportwebkit2gtk3FixedRHSA-2024:965314.11.2024
Red Hat Enterprise Linux 8.6 Telecommunications Update Servicewebkit2gtk3FixedRHSA-2024:965314.11.2024

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

Π”ΠΎΠΏΠΎΠ»Π½ΠΈΡ‚Π΅Π»ΡŒΠ½Π°Ρ информация

Бтатус:

Important
Π”Π΅Ρ„Π΅ΠΊΡ‚:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=2314698webkitgtk: Processing web content may lead to arbitrary code execution

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 78%
0.01181
Низкий

8.8 High

CVSS3

БвязанныС уязвимости

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2024-27820

CVSS3: 8.8
ubuntu
большС 1 года назад

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2024-27820

CVSS3: 8.8
nvd
большС 1 года назад

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2024-27820

CVSS3: 8.8
debian
большС 1 года назад

The issue was addressed with improved memory handling. This issue is f ...

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-qvvc-v3mj-qch5

CVSS3: 8.8
github
большС 1 года назад

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.

fstec Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

BDU:2024-09449

CVSS3: 8.8
fstec
большС 1 года назад

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ ΠΌΠΎΠ΄ΡƒΠ»Π΅ΠΉ отобраТСния Π²Π΅Π±-страниц WebKitGTK ΠΈ WPE WebKit, связанная с Π²Ρ‹Ρ…ΠΎΠ΄ΠΎΠΌ ΠΎΠΏΠ΅Ρ€Π°Ρ†ΠΈΠΈ Π·Π° Π³Ρ€Π°Π½ΠΈΡ†Ρ‹ Π±ΡƒΡ„Π΅Ρ€Π° Π² памяти, ΠΏΠΎΠ·Π²ΠΎΠ»ΡΡŽΡ‰Π°Ρ Π½Π°Ρ€ΡƒΡˆΠΈΡ‚Π΅Π»ΡŽ ΠΏΠΎΠ»ΡƒΡ‡ΠΈΡ‚ΡŒ доступ ΠΊ ΠΊΠΎΠ½Ρ„ΠΈΠ΄Π΅Π½Ρ†ΠΈΠ°Π»ΡŒΠ½Ρ‹ΠΌ Π΄Π°Π½Π½Ρ‹ΠΌ, Π½Π°Ρ€ΡƒΡˆΠΈΡ‚ΡŒ ΠΈΡ… Ρ†Π΅Π»ΠΎΡΡ‚Π½ΠΎΡΡ‚ΡŒ, Π° Ρ‚Π°ΠΊΠΆΠ΅ Π²Ρ‹Π·Π²Π°Ρ‚ΡŒ ΠΎΡ‚ΠΊΠ°Π· Π² обслуТивании

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 78%
0.01181
Низкий

8.8 High

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2024-27820