Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-5309-1 wpewebkit -- security update

Related Vulnerabilities: CVE-2022-42852   CVE-2022-42856   CVE-2022-42867   CVE-2022-46692   CVE-2022-46698   CVE-2022-46699   CVE-2022-46700  

The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-42852 hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. CVE-2022-42856 Clement Lecigne discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-42867 Maddie Stone discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-46692 KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. CVE-2022-46698 Dohyun Lee and Ryan Shin discovered that processing maliciously crafted web content may disclose sensitive user information. CVE-2022-46699 Samuel Gross discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-46700 Samuel Gross discovered that processing maliciously crafted web content may lead to arbitrary code execution. For the stable distribution (bullseye), these problems have been fixed in version 2.38.3-1~deb11u1. We recommend that you upgrade your wpewebkit packages. For the detailed security status of wpewebkit please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpewebkit

Source

Debian Security Advisory

DSA-5309-1 wpewebkit -- security update

Date Reported:
31 Dec 2022
Affected Packages:
wpewebkit
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2022-42852, CVE-2022-42856, CVE-2022-42867, CVE-2022-46692, CVE-2022-46698, CVE-2022-46699, CVE-2022-46700.
More information:

The following vulnerabilities have been discovered in the WPE WebKit web engine:

  • CVE-2022-42852

    hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory.

  • CVE-2022-42856

    Clement Lecigne discovered that processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2022-42867

    Maddie Stone discovered that processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2022-46692

    KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy.

  • CVE-2022-46698

    Dohyun Lee and Ryan Shin discovered that processing maliciously crafted web content may disclose sensitive user information.

  • CVE-2022-46699

    Samuel Gross discovered that processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2022-46700

    Samuel Gross discovered that processing maliciously crafted web content may lead to arbitrary code execution.

For the stable distribution (bullseye), these problems have been fixed in version 2.38.3-1~deb11u1.

We recommend that you upgrade your wpewebkit packages.

For the detailed security status of wpewebkit please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpewebkit

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started