CVE-2019-8375
Published: 2019-02-24
Priority: P2 (62) · Severity: critical · CVSS 3.0 base score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploit: public exploit indexed (see references)
EPSS: 16.11% (96.5th percentile)
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | webkit2gtk | < webkit2gtk 2.24.1-1 (bookworm) | webkit2gtk 2.24.1-1 (bookworm) |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| webkitgtk | webkitgtk | <= 2.23.90 | — |
| webkitgtk | webkitgtk | <= 2.22.6 | — |
Detection & IOCs (extracted from sources)
- Trigger is a JavaScript script dialog (e.g., alert/prompt) whose message string is inflated in a loop until the dialog exceeds the web view size, causing a buffer overflow in the GTK UIProcess subsystem. Monitor for abnormally large script dialog invocations from web content.
- Exploitation is demonstrated via GNOME Web (Epiphany) on Linux; detection should focus on WebKitGTK/WebKitGTK+ processes crashing or producing abnormal memory faults when rendering pages with large script dialogs.
- Debian fixed the issue in the webkit2gtk 2.24.1-1 package across its stable/testing/sid branches; systems running WebKitGTK ≤ 2.23.90 or WebKitGTK+ ≤ 2.22.6 remain vulnerable.
- The exploit was tested specifically on Linux kernel 4.15.0-38-generic; impact on other platforms/kernels may differ.
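The trigger pattern described above, together with the embedder-side check that the "monitor for abnormally large script dialogs" advice implies, as an added example. This is not the page's code nor the exploit-db PoC: it reconstructs the described pattern (a dialog message doubled in a loop, delivered through alert()) and models the decision an application's WebKitWebView "script-dialog" signal handler would make before the toolkit draws the dialog. The size limits, function names and sample inputs are assumptions for illustration.

```javascript
// Added example (not the page's or the exploit-db PoC's code). Reconstructs the
// trigger the IOC bullet describes - a script-dialog message inflated in a loop -
// and an embedder-side guard modelled on what a WebKitGTK application's
// "script-dialog" signal handler could do. Limits and names are assumptions.

// Build the oversized dialog message: start from a seed and double it
// `doublings` times, as a self-concatenating loop would. With seed "A" and
// 20 doublings the result is 1,048,576 characters.
function buildDialogPayload(doublings, seed = "A") {
  let s = seed;
  for (let i = 0; i < doublings; i++) {
    s += s;
  }
  return s;
}

// Wrap the payload in a minimal HTML page that opens an alert() on load, the
// delivery vehicle the IOC bullet describes (a remote page opening a script
// dialog). JSON.stringify yields a valid JS string literal, escaping quotes
// and line terminators, so the page stays syntactically valid for any payload.
function buildTriggerPage(payload) {
  return `<!doctype html><html><body><script>alert(${JSON.stringify(payload)});</script></body></html>`;
}

// Assumed limits: a dialog message is expected to fit in a few lines of a
// modal; anything larger is treated as abnormal and refused.
const DEFAULT_LIMITS = { maxChars: 4096, maxLines: 40 };

// Decide whether a script-dialog message from web content should be shown
// as-is. Returns a verdict with the measured size so it can also be logged.
function inspectScriptDialog(message, limits = DEFAULT_LIMITS) {
  const chars = message.length;
  const lines = message.split(/\r\n|\r|\n/).length;
  if (chars > limits.maxChars) {
    return { allow: false, reason: `message length ${chars} exceeds ${limits.maxChars}`, chars, lines };
  }
  if (lines > limits.maxLines) {
    return { allow: false, reason: `message has ${lines} lines, more than ${limits.maxLines}`, chars, lines };
  }
  return { allow: true, reason: "ok", chars, lines };
}

// Bound a rejected message so a safe dialog can still be shown, with a marker
// that tells the user the content was cut.
function truncateDialogMessage(message, limits = DEFAULT_LIMITS) {
  if (message.length <= limits.maxChars) return message;
  return message.slice(0, limits.maxChars) +
    "\n[message truncated: " + message.length + " characters]";
}

// Stand-alone demonstration: generate the payload, run it through the guard,
// and report what a handler would log.
function demo() {
  const payload = buildDialogPayload(20);
  const verdict = inspectScriptDialog(payload);
  return {
    payloadChars: payload.length,
    triggerPageBytes: buildTriggerPage(payload).length,
    allowed: verdict.allow,
    reason: verdict.reason,
    shownChars: truncateDialogMessage(payload).length,
  };
}

console.log(JSON.stringify(demo()));
```

In a real WebKitGTK embedder the same check runs inside the "script-dialog" handler: inspect the message, and if it is refused, show the truncated form (or nothing) and return TRUE so the toolkit's default dialog is never built from the oversized string. The guard is a hardening measure for unpatched builds, not a substitute for updating to a fixed WebKitGTK package.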
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | LOW | — |
Ubuntu
WebKitGTK+ vulnerabilities (USN-3948-1, vendor_ubuntu, 2019-04-16; the advisory also covers CVE-2019-11070)
Summary: Several security issues were fixed in WebKitGTK+.
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
Debian
CVE-2019-8375 [CRITICAL] · webkit2gtk · vendor_debian · 2019 · CVSS 9.8
Scope: local
bookworm: resolved (fixed in 2.24.1-1)
bullseye: resolved (fixed in 2.24.1-1)
forky: resolved (fixed in 2.24.1-1)
sid: resolved (fixed in 2.24.1-1)
trixie: resolved (fixed in 2.24.1-1)
GHSA
GHSA-f6vf-7m59-gfmp · CVE-2019-8375 [CRITICAL] · CWE-119 · ghsa_unreviewed · 2022-05-14
OSV
CVE-2019-8375 [CRITICAL] · osv · 2019-02-24 · CVSS 9.8
No detection rules found.
No writeups or analysis indexed.
References
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00058.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00005.html
- https://bugs.webkit.org/show_bug.cgi?id=184875
- https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531
- https://trac.webkit.org/changeset/241515/webkit
- https://usn.ubuntu.com/3948-1/
- https://www.exploit-db.com/exploits/46465/
- https://www.inputzero.io/2019/02/fuzzing-webkit.html