CVE-2017-1000122 — Improper Input Validation in Webkitgtk

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.4%

top 40.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webkitgtk Debian Webkit2gtk

Timeline

PublishedNov 1

Latest updateMay 17

Description

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶debiandebian/webkit2gtk< webkit2gtk 2.16.3-2 (bookworm)

▶NVDwebkitgtk/webkitgtk< 2.16.3

🔴Vulnerability Details

GHSA

GHSA-qhv9-mpfm-83c2: The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2↗2022-05-17

▶

OSV

CVE-2017-1000122: The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2↗2017-11-01

▶

📋Vendor Advisories

Debian

CVE-2017-1000122: webkit2gtk - The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not pro...↗2017

▶