CVE-2020-10018
Published 2020-03-02
CVE-2020-10018: WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that…
Priority P351 · critical · 9.8 · CVSS 3.1
AV:N · AC:L · PR:N · UI:N · S:U · C:H · I:H · A:H
EPSS 5.03% · 91.2th percentile
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | webkit2gtk | < webkit2gtk 2.28.0-2 (bookworm) | webkit2gtk 2.28.0-2 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.28.0-2 (bookworm) | webkit2gtk 2.28.0-2 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| opensuse | leap | — | — |
| webkitgtk | webkitgtk | < 2.28.0 | 2.28.0 |
| wpewebkit | wpe_webkit | < 2.28.0 | 2.28.0 |
CVSS provenance
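| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |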
Ubuntu
WebKitGTK+ vulnerability
vendor_ubuntu·2020-03-30
CVE-2020-10018 WebKitGTK+ vulnerability
Title: WebKitGTK+ vulnerability
Summary: Several security issues were fixed in WebKitGTK+.
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
Red Hat
webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp
vendor_redhat·2020-03-02·CVSS 9.8
CVE-2020-10018 [CRITICAL] CWE-400 webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Out of support scope
Package: webkitgtk3 (Red Hat Enterprise Linux 7) - Will not fix
Debian
CVE-2020-10018: webkit2gtk - WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions r...
vendor_debian·2020·CVSS 9.8
CVE-2020-10018 [CRITICAL] CVE-2020-10018: webkit2gtk - WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions r...
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.
Scope: local
bookworm: resolved (fixed in 2.28.0-2)
bullseye: resolved (fixed in 2.28.0-2)
forky: resolved (fixed in 2.28.0-2)
sid: resolved (fixed in 2.28.0-2)
trixie: resolved (fixed in 2.28.0-2)
GHSA
GHSA-37vm-m2gx-6h3h: accessibility/AXObjectCache
ghsa_unreviewed·2022-05-24
CVE-2020-10018 [MEDIUM] CWE-20 GHSA-37vm-m2gx-6h3h: accessibility/AXObjectCache
accessibility/AXObjectCache.cpp in WebKit, as used in WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4, allows a denial of service (application crash) because maintenance of the m_deferredFocusedNodeChange data structure mishandles removal.
OSV
CVE-2020-10018: WebKitGTK through 2
osv·2020-03-02·CVSS 9.8
CVE-2020-10018 [CRITICAL] CVE-2020-10018: WebKitGTK through 2
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-10018 webkit2gtk3: webkitgtk: Denial of service issue in accessibility/AXObjectCache.cpp [fedora-all]
bugzilla·2020-03-09·CVSS 9.8
CVE-2020-10018 [CRITICAL] CVE-2020-10018 webkit2gtk3: webkitgtk: Denial of service issue in accessibility/AXObjectCache.cpp [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue af
Bugzilla
CVE-2020-10018 webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp
bugzilla·2020-03-09·CVSS 9.8
CVE-2020-10018 [CRITICAL] CVE-2020-10018 webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp
accessibility/AXObjectCache.cpp in WebKit, as used in WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4, allows a denial of service (application crash) because maintenance of the m_deferredFocusedNodeChange data structure mishandles removal.
Upstream patch:
https://trac.webkit.org/changeset/257292/webkit
Discussion:
Created webkit2gtk3 tracking bugs for this issue:
Affects: fedora-all [bug 1811722]
---
Note this was misclassified as denial of service, but it's actually a use after free, which we classify as remote code execution.
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:4035 https://access.redhat.com/errata/RHSA-2020:4035
---
This
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html
https://bugs.webkit.org/show_bug.cgi?id=204342#c21
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOR5LPL4UASVAR76EIHCL4O2KGDWGC6K/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLERWAS2LL7SX2GHA2DDZ2PL3QC5OHIF/
https://security.gentoo.org/glsa/202006-08
https://usn.ubuntu.com/4310-1/
https://webkitgtk.org/security/WSA-2020-0003.html
https://wpewebkit.org/security/WSA-2020-0003.html
https://www.debian.org/security/2020/dsa-4641
Published: 2020-03-02