
CVE-2022-29536

Published: 20/04/2022 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

In GNOME Epiphany prior to 41.4 and 42.x prior to 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.

Vulnerable Product

gnome epiphany

fedoraproject fedora 34

fedoraproject fedora 35

fedoraproject fedora 36

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Debian Bug report logs - #1009959: epiphany-browser: CVE-2022-29536. Package: src:epiphany-browser; Maintainer for src:epiphany-browser is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 21 Apr 2022 08:57:02 UTC; Severity: importa ...
Several security issues were fixed in GNOME Web ...
Michael Catanzaro discovered a buffer overflow in the Epiphany web browser. For the stable distribution (bullseye), this problem has been fixed in version 3.38.2-1+deb11u3. We recommend that you upgrade your epiphany-browser packages. For the detailed security status of epiphany-browser please refer to its security tracker page at: security ...
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered ...