CVE-2018-11712 — Improper Certificate Validation in Webkitgtk

CWE-295 — Improper Certificate Validation12 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 55.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Webkit2gtk Webkitgtk

Timeline

PublishedJun 4

Latest updateMay 14

Description

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/webkit2gtk< webkit2gtk 2.20.2-1 (bookworm)

▶NVDwebkitgtk/webkitgtk2.20.0, 2.20.1+1

Patches

Patch: bugs.webkit.org ↗Patch: trac.webkit.org ↗Patch: bugs.webkit.org ↗

🔴Vulnerability Details

GHSA

GHSA-2c7h-c396-x7rf: WebCore/platform/network/soup/SocketStreamHandleImplSoup↗2022-05-14

▶

OSV

CVE-2018-11712: WebCore/platform/network/soup/SocketStreamHandleImplSoup↗2018-06-04

▶

📋Vendor Advisories

Red Hat

webkitgtk: Improper TLS certificate verification for WebSocket connections↗2018-06-07

▶

Debian

CVE-2018-11712: webkit2gtk - WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup netw...↗2018

▶

💬Community

Bugzilla

CVE-2018-11712 mingw-webkitgtk3: webkitgtk: Improper TLS certificate verification for WebSocket connections [fedora-all]↗2018-06-07

▶

Bugzilla

CVE-2018-11712 webkitgtk: Improper TLS certificate verification for WebSocket connections [epel-all]↗2018-06-07

▶

Bugzilla

CVE-2018-11712 webkitgtk: Improper TLS certificate verification for WebSocket connections [fedora-all]↗2018-06-07

▶

Bugzilla

CVE-2018-11712 webkit2gtk3: webkitgtk: Improper TLS certificate verification for WebSocket connections [fedora-28]↗2018-06-07

▶

Bugzilla

CVE-2018-11712 webkitgtk: Improper TLS certificate verification for WebSocket connections↗2018-06-07

▶