CVE-2019-8375
published 2019-02-24


Priority: P2 62
Severity: critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 16.11% (96.5th percentile)
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).

Affected (7 ranges)

Vendor      Product        Version range                           Fixed in
canonical   ubuntu_linux
canonical   ubuntu_linux
debian      webkit2gtk     < webkit2gtk 2.24.1-1 (bookworm)        webkit2gtk 2.24.1-1 (bookworm)
opensuse    leap
opensuse    leap
webkitgtk   webkitgtk      <= 2.23.90
webkitgtk   webkitgtk      <= 2.22.6

Detection & IOCs (extracted from sources)

path: UIProcess/API/gtk/WebKitScriptDialogGtk.cpp
path: UIProcess/API/gtk/WebKitScriptDialogImpl.cpp
path: UIProcess/API/gtk/WebKitWebViewGtk.cpp
  • Trigger is a JavaScript script dialog (e.g., alert/prompt) whose content string is inflated in a loop to exceed the web view size, causing a buffer overflow in the GTK UIProcess subsystem. Monitor for abnormally large script dialog invocations from web content.
  • Exploitation is demonstrated via GNOME Web (Epiphany) on Linux; detection should focus on WebKitGTK/WebKitGTK+ processes crashing or producing abnormal memory faults when rendering pages with large script dialogs.
  • Vulnerability is fixed in WebKitGTK 2.24.1-1 across Debian stable/testing/sid branches; systems running WebKitGTK <= 2.23.90 or WebKitGTK+ <= 2.22.6 remain vulnerable.
  • The exploit was tested specifically on Linux kernel 4.15.0-38-generic; impact on other platforms/kernels may differ.

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.0      9.8     CRITICAL   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd             v2.0      7.5     HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P
osv                       9.8     CRITICAL
vendor_debian             9.8     LOW