Lucene search

[email protected]NVD:CVE-2023-25358

HistoryMar 02, 2023 - 3:15 p.m.

CVE-2023-25358

2023-03-0215:15:10

CWE-416

[email protected]

web.nvd.nist.gov

webcore

renderlayer

addchild

webkitgtk

execute code remotely

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.3%

JSON

A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely.

Affected configurations

NVD

Node

webkitgtkwebkitgtkRange<2.36.8

Node

fedoraprojectfedoraMatch38

References

www.openwall.com/lists/oss-security/2023/04/21/3

bugs.webkit.org/show_bug.cgi?id=242683

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OKKVEUQAAGH3NHMX3WHWKRPYU4QFKTQ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QL5OGMSHRQ26FTYWZUXVNWB2VHOSVXK/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC7DMUX37BRCLAI4VPQYHDUVEGTNYN5A/

security.gentoo.org/glsa/202305-32

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.3%

JSON

Related for NVD:CVE-2023-25358

cvelist1 prion1 debiancve1 redhatcve1 cve1 ubuntucve1 fedora3 openvas11 osv6 nessus21 ubuntu1 mageia1 oraclelinux2 almalinux2 redhat2 gentoo1 hp1 amazon1