Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2019-8375

Published: 24/02/2019 Updated: 09/05/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Webkitgtk

Vulnerability Summary

The UIProcess subsystem in WebKit, as used in WebKitGTK up to and including 2.23.90 and WebKitGTK+ up to and including 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote malicious users to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

webkitgtk webkitgtk

webkitgtk webkitgtk\\+

opensuse leap 15.0

opensuse leap 42.3

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

Vendor Advisories

Ubuntu Security Notice: webkit2gtk vulnerabilities
Several security issues were fixed in WebKitGTK+ ...

Exploits

Exploit DB: WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service
#Exploit Title: Buffer overflow # Date: 27-02-2019 # Exploit Author: Dhiraj Mishra # Vendor Homepage: webkitorg/ # Software Link: gitlabgnomeorg/GNOME/epiphany # Version: 22390 # Tested on: Linux 4150-38-generic # CVE: CVE-2019-8375 # References: # nvdnistgov/vuln/detail/CVE-2019-8375 # wwwinputzeroio/2019 ...

References

CWE-119https://www.inputzero.io/2019/02/fuzzing-webkit.htmlhttps://trac.webkit.org/changeset/241515/webkithttps://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531https://bugs.webkit.org/show_bug.cgi?id=184875https://www.exploit-db.com/exploits/46465/http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00058.htmlhttps://usn.ubuntu.com/3948-1/http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00005.htmlhttps://nvd.nist.govhttps://usn.ubuntu.com/3948-1/https://www.exploit-db.com/exploits/46465
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook