CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

Metric | Value |
---|---|
Percentile | 78.1% |

WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology
Preview Release 46, allows remote attackers to cause a denial of service
(buffer overflow) or possibly have unspecified other impact because it
calls the FastBitVectorWordOwner::resizeSlow function (in
WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a
bitvector size, and resizeSlow mishandles cases where the old array length
is greater than the new array length.
Author | Note |
---|---|
jdstrand | webkit receives limited support. For details, see <https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit>. webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 |
mdeslaur | as of 2018-03-19, no details if this affects webkit2gtk. This still wasn't mentioned in webkit2gtk advisories as of 2018-04-04, so marking as not-affected |
github.com/dwfault/PoCs/blob/master/WebKit%20Misuse%20of%20WTF:wtf:FastBitVector%20result%20in%20potential%20BOF/WebKit%20Misuse%20of%20WTF:wtf:FastBitVector%20result%20in%20potential%20BOF.md
launchpad.net/bugs/cve/CVE-2017-17821
nvd.nist.gov/vuln/detail/CVE-2017-17821
security-tracker.debian.org/tracker/CVE-2017-17821
www.cve.org/CVERecord?id=CVE-2017-17821