CVE-2019-8375

Description

The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).

Risk Information

Base Score: 9.8 MODERATE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 19.285

Associated Vulnerability

Vulnerability | OS Platform
Web content engine library for GTK+ (USN-3889-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.04.1_i386.deb | Linux
Web content engine library for GTK+ (USN-3889-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.04.1_amd64.deb | Linux
Web content engine library for GTK+ (USN-3889-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.10.2_i386.deb | Linux
Web content engine library for GTK+ (USN-3889-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.10.2_amd64.deb | Linux
Web content engine library for GTK+ (USN-3889-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.04.1_i386.deb | Linux
Web content engine library for GTK+ (USN-3889-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.04.1_amd64.deb | Linux
Web content engine library for GTK+ (USN-3889-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.10.2_i386.deb | Linux
Web content engine library for GTK+ (USN-3889-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.10.2_amd64.deb | Linux
Web content engine library for GTK+ (USN-3948-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.04.1_i386.deb | Linux
Web content engine library for GTK+ (USN-3948-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.04.1_amd64.deb | Linux
Web content engine library for GTK+ (USN-3948-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.10.2_i386.deb | Linux
Web content engine library for GTK+ (USN-3948-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.10.2_amd64.deb | Linux
Web content engine library for GTK+ (USN-3948-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.04.1_i386.deb | Linux
Web content engine library for GTK+ (USN-3948-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.04.1_amd64.deb | Linux
Web content engine library for GTK+ (USN-3948-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.10.2_i386.deb | Linux
Web content engine library for GTK+ (USN-3948-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.10.2_amd64.deb | Linux
SUSE-SU-2019:1030-1 (SUSE Linux Enterprise Desktop 12-SP4) libjavascriptcoregtk-4_0-18-2.24.0-2.38.2.x86_64.rpm | Linux
SUSE-SU-2019:1030-1 (SUSE Linux Enterprise Desktop 12-SP4) libjavascriptcoregtk-4_0-18-debuginfo-2.24.0-2.38.2.x86_64.rpm | Linux
SUSE-SU-2019:1030-1 (SUSE Linux Enterprise Desktop 12-SP4) libwebkit2gtk-4_0-37-2.24.0-2.38.2.x86_64.rpm | Linux
SUSE-SU-2019:1030-1 (SUSE Linux Enterprise Desktop 12-SP4) libwebkit2gtk-4_0-37-debuginfo-2.24.0-2.38.2.x86_64.rpm | Linux
SUSE-SU-2019:1030-1 (SUSE Linux Enterprise Desktop 12-SP4) libwebkit2gtk3-lang-2.24.0-2.38.2.noarch.rpm | Linux
SUSE-SU-2019:1030-1 (SUSE Linux Enterprise Desktop 12-SP4) typelib-1_0-JavaScriptCore-4_0-2.24.0-2.38.2.x86_64.rpm | Linux
SUSE-SU-2019:1030-1 (SUSE Linux Enterprise Desktop 12-SP4) typelib-1_0-WebKit2-4_0-2.24.0-2.38.2.x86_64.rpm | Linux
SUSE-SU-2019:1030-1 (SUSE Linux Enterprise Desktop 12-SP4) webkit2gtk-4_0-injected-bundles-2.24.0-2.38.2.x86_64.rpm | Linux
SUSE-SU-2019:1030-1 (SUSE Linux Enterprise Desktop 12-SP4) webkit2gtk-4_0-injected-bundles-debuginfo-2.24.0-2.38.2.x86_64.rpm | Linux
SUSE-SU-2019:1030-1 (SUSE Linux Enterprise Desktop 12-SP4) webkit2gtk3-debugsource-2.24.0-2.38.2.x86_64.rpm | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234