CVE-2019-8375

The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00058.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00005.html	Mailing List Third Party Advisory
https://bugs.webkit.org/show_bug.cgi?id=184875	Issue Tracking Permissions Required Third Party Advisory
https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531	Patch Third Party Advisory
https://trac.webkit.org/changeset/241515/webkit	Patch Vendor Advisory
https://usn.ubuntu.com/3948-1/	Third Party Advisory
https://www.exploit-db.com/exploits/46465/	Exploit Third Party Advisory VDB Entry
https://www.inputzero.io/2019/02/fuzzing-webkit.html	Exploit Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00058.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00005.html	Mailing List Third Party Advisory
https://bugs.webkit.org/show_bug.cgi?id=184875	Issue Tracking Permissions Required Third Party Advisory
https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531	Patch Third Party Advisory
https://trac.webkit.org/changeset/241515/webkit	Patch Vendor Advisory
https://usn.ubuntu.com/3948-1/	Third Party Advisory
https://www.exploit-db.com/exploits/46465/	Exploit Third Party Advisory VDB Entry
https://www.inputzero.io/2019/02/fuzzing-webkit.html	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:webkitgtk:webkitgtk::::::::
	cpe:2.3:a:webkitgtk:webkitgtk\+::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:leap:15.0:::::::*
	cpe:2.3:o:opensuse:leap:42.3:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

History

21 Nov 2024, 04:49

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00058.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00058.html - Mailing List, Third Party Advisory
References	~~() http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00005.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00005.html - Mailing List, Third Party Advisory
References	~~() https://bugs.webkit.org/show_bug.cgi?id=184875 - Issue Tracking, Permissions Required, Third Party Advisory~~	() https://bugs.webkit.org/show_bug.cgi?id=184875 - Issue Tracking, Permissions Required, Third Party Advisory
References	~~() https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531 - Patch, Third Party Advisory~~	() https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531 - Patch, Third Party Advisory
References	~~() https://trac.webkit.org/changeset/241515/webkit - Patch, Vendor Advisory~~	() https://trac.webkit.org/changeset/241515/webkit - Patch, Vendor Advisory
References	~~() https://usn.ubuntu.com/3948-1/ - Third Party Advisory~~	() https://usn.ubuntu.com/3948-1/ - Third Party Advisory
References	~~() https://www.exploit-db.com/exploits/46465/ - Exploit, VDB Entry, Third Party Advisory~~	() https://www.exploit-db.com/exploits/46465/ - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.inputzero.io/2019/02/fuzzing-webkit.html - Exploit, Third Party Advisory~~	() https://www.inputzero.io/2019/02/fuzzing-webkit.html - Exploit, Third Party Advisory

Information

Published : 2019-02-24 13:29

Updated : 2024-11-21 04:49

NVD link : CVE-2019-8375

Mitre link : CVE-2019-8375

CVE.ORG link : CVE-2019-8375

JSON object : View

Products Affected

canonical

ubuntu_linux

webkitgtk

webkitgtk\+
webkitgtk

opensuse

leap

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2019-8375", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-02-24T13:29:00.357", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00058.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00005.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugs.webkit.org/show_bug.cgi?id=184875", "tags": ["Issue Tracking", "Permissions Required", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://trac.webkit.org/changeset/241515/webkit", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3948-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/46465/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.inputzero.io/2019/02/fuzzing-webkit.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00058.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00005.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.webkit.org/show_bug.cgi?id=184875", "tags": ["Issue Tracking", "Permissions Required", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://trac.webkit.org/changeset/241515/webkit", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3948-1/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/46465/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.inputzero.io/2019/02/fuzzing-webkit.html", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany)."}, {"lang": "es", "value": "El subsistema UIProcess en WebKit, tal y como se utiliza en WebKitGTK, hasta la versi\u00f3n 2.23.90, y WebKitGTK+, hasta la versi\u00f3n 2.22.6 y otros productos, no evita que el tama\u00f1o del di\u00e1logo del script sobrepase el tama\u00f1o de la vista web, lo que permite que los atacantes remotos provoquen una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer) o, posiblemente, otro tipo de impacto sin especificar. Esto est\u00e1 relacionado con UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp y UIProcess/API/gtk/WebKitWebViewGtk.cpp, tal y como queda demostrado por GNOME Web (tambi\u00e9n conocido como Epiphany)."}], "lastModified": "2024-11-21T04:49:46.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86D389C2-8755-474B-A46D-1F0EC1C9D2D8", "versionEndIncluding": "2.23.90"}, {"criteria": "cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35CC84CF-4D86-4D99-99EB-2DAD3F54D9A6", "versionEndIncluding": "2.22.6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"}, {"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

9.8 /10