CVE-2023-2203

CWE-416Use After Free6 documents6 sources
Severity
8.8HIGH
EPSS
0.1%
top 71.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Redhat Enterprise LinuxRedhat Enterprise Linux EUSRedhat Enterprise Linux Server AUS+2 more
Timeline
PublishedMay 17
Latest updateMay 18

Description

A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5webkitgtkAffects webkit2gtk3 v2.38.5-1.el8 and webkit2gtk3 v2.38.5-1.el9, Fixed in webkit2gtk3 v2.38.5-1.el8_8.3 and webkit2gtk3 v2.38.5-1.el9_2.1
NVDwebkitgtk/webkit2gtk32.38.5-1.el8, 2.38.5-1.el9+1

Also affects: Enterprise Linux 8.0, 9.0, 8.8, 9.2

🔴Vulnerability Details

3
GHSA
GHSA-p2w5-xch3-v6pv: A flaw was found in the WebKitGTK package2023-05-18
OSV
CVE-2023-2203: A flaw was found in the WebKitGTK package2023-05-17
CVEList
CVE-2023-2203: A flaw was found in the WebKitGTK package2023-05-17

📋Vendor Advisories

2
Red Hat
webkitgtk: Regression of CVE-2023-28205 fixes in the Red Hat Enterprise Linux2023-05-09
Debian
CVE-2023-2203: webkit2gtk - A flaw was found in the WebKitGTK package. An improper input validation issue ma...2023
CVE-2023-2203 (HIGH CVSS 8.8) | A flaw was found in the WebKitGTK p | cvebase.io