WebkitGTK+ up to 2.22.6/2.23.90 UIProcess Subsystem WebKitScriptDialogGtk.cpp memory corruption

Summaryinfo

A vulnerability has been found in WebkitGTK+ up to 2.22.6/2.23.90 and classified as critical. This affects an unknown part of the file UIProcess/API/gtk/WebKitScriptDialogGtk.cpp of the component UIProcess Subsystem. This manipulation causes memory corruption. This vulnerability is registered as CVE-2019-8375. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Detailsinfo

A vulnerability was found in WebkitGTK+ up to 2.22.6/2.23.90 (Web Browser). It has been declared as critical. Affected by this vulnerability is an unknown part of the file UIProcess/API/gtk/WebKitScriptDialogGtk.cpp of the component UIProcess Subsystem. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).

The bug was discovered 04/01/2019. The weakness was published 02/24/2019 (Website). It is possible to read the advisory at exploit-db.com. This vulnerability is known as CVE-2019-8375 since 02/16/2019. The attack can be launched remotely. The exploitation doesn't need any form of authentication. It demands that the victim is doing some kind of user interaction. Technical details and also a public exploit are known.

It is possible to download the exploit at exploit-db.com. It is declared as proof-of-concept. The commercial vulnerability scanner Qualys is able to test this issue with plugin 197431 (Ubuntu Security Notification for Webkit2gtk Vulnerabilities (USN-3948-1)).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Similar entries are available at VDB-129147, VDB-132263, VDB-132301 and VDB-132339. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Web Browser

Name

• WebkitGTK+

Version

• 2.22.0
• 2.22.1
• 2.22.2
• 2.22.3
• 2.22.4
• 2.22.5
• 2.22.6
• 2.23.0
• 2.23.1
• 2.23.2
• 2.23.3
• 2.23.4
• 2.23.5
• 2.23.6
• 2.23.7
• 2.23.8
• 2.23.9
• 2.23.10
• 2.23.11
• 2.23.12
• 2.23.13
• 2.23.14
• 2.23.15
• 2.23.16
• 2.23.17
• 2.23.18
• 2.23.19
• 2.23.20
• 2.23.21
• 2.23.22
• 2.23.23
• 2.23.24
• 2.23.25
• 2.23.26
• 2.23.27
• 2.23.28
• 2.23.29
• 2.23.30
• 2.23.31
• 2.23.32
• 2.23.33
• 2.23.34
• 2.23.35
• 2.23.36
• 2.23.37
• 2.23.38
• 2.23.39
• 2.23.40
• 2.23.41
• 2.23.42
• 2.23.43
• 2.23.44
• 2.23.45
• 2.23.46
• 2.23.47
• 2.23.48
• 2.23.49
• 2.23.50
• 2.23.51
• 2.23.52
• 2.23.53
• 2.23.54
• 2.23.55
• 2.23.56
• 2.23.57
• 2.23.58
• 2.23.59
• 2.23.60
• 2.23.61
• 2.23.62
• 2.23.63
• 2.23.64
• 2.23.65
• 2.23.66
• 2.23.67
• 2.23.68
• 2.23.69
• 2.23.70
• 2.23.71
• 2.23.72
• 2.23.73
• 2.23.74
• 2.23.75
• 2.23.76
• 2.23.77
• 2.23.78
• 2.23.79
• 2.23.80
• 2.23.81
• 2.23.82
• 2.23.83
• 2.23.84
• 2.23.85
• 2.23.86
• 2.23.87
• 2.23.88
• 2.23.89
• 2.23.90

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion