⚠ Actively exploited

Added to CISA KEV on 2022-05-23. Federal agencies required to patch by 2022-06-13. Required action: Apply updates per vendor instructions..

CVE-2019-8720

CWE-119 — Buffer Overflow10 documents10 sources

Severity

8.8HIGH

EPSS

4.1%

top 11.40%

CISA KEV

KEV

Added 2022-05-23

Due 2022-06-13

Exploit

Exploited in wild

Active exploitation observed

Affected products

Webkitgtk Webkitgtk Wpewebkit WPE Webkit Redhat Codeready Linux Builder +20 more

Timeline

KEV addedMay 23

KEV dueJun 13

PublishedMar 6

Latest updateMar 7

CISA Required Action: Apply updates per vendor instructions.

Description

A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

▶NVDwebkitgtk/webkitgtk< 2.26.0

▶NVDwpewebkit/wpe_webkit< 2.26.0

▶Debianwebkit2gtk< 2.26.0-1+3

▶CVEListV5webkitgtkFixed in webkitgtk 2.26.0

▶NVDredhat/codeready_linux_builder8.0, 8.4, 8.6+2

Also affects: Enterprise Linux 8.0, 8.4, 8.6, 7.0

🔴Vulnerability Details

GHSA

GHSA-5cgp-g38q-m4xj: A vulnerability was found in WebKit↗2023-03-07

▶

CVEList

CVE-2019-8720: A vulnerability was found in WebKit↗2023-03-06

▶

OSV

CVE-2019-8720: A vulnerability was found in WebKit↗2023-03-06

▶

VulnCheck

WebKitGTK Memory Corruption Vulnerability↗2019

▶

📋Vendor Advisories

CISA

WebKitGTK Memory Corruption Vulnerability↗2022-05-23

▶

Ubuntu

WebKitGTK+ vulnerabilities↗2019-11-07

▶

Red Hat

webkitgtk: Multiple memory corruption issues leading to arbitrary code execution↗2019-10-29

▶

Debian

CVE-2019-8720: webkit2gtk - A vulnerability was found in WebKit. The flaw is triggered when processing malic...↗2019

▶

💬Community

Bugzilla

CVE-2019-8720 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution↗2020-09-07

▶