CVE-2022-29536 — Out-of-bounds Write in Epiphany

CWE-787 — Out-of-bounds Write7 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 64.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Epiphany Debian Linux Fedoraproject Fedora

Timeline

PublishedApr 20

Latest updateAug 10

Description

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDgnome/epiphany42.0 — 42.2+1

Also affects: Debian Linux 10.0, 11.0, Fedora 34, 35, 36

Patches

Patch: gitlab.gnome.org ↗Patch: gitlab.gnome.org ↗

🔴Vulnerability Details

OSV

epiphany-browser vulnerabilities↗2022-08-10

▶

GHSA

GHSA-rmxp-r78p-2258: In GNOME Epiphany before 41↗2022-04-22

▶

CVEList

CVE-2022-29536: In GNOME Epiphany before 41↗2022-04-20

▶

OSV

CVE-2022-29536: In GNOME Epiphany before 41↗2022-04-20

▶

📋Vendor Advisories

Ubuntu

GNOME Web vulnerabilities↗2022-08-10

▶

Debian

CVE-2022-29536: epiphany-browser - In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger...↗2022

▶