Fluid Attacks Database

Description

A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel8	webkit2gtk3	<0:2.38.5-1.el8_8.3	0:2.38.5-1.el8_8.3
rpm rhel9	webkit2gtk3	<0:2.38.5-1.el9_2.1	0:2.38.5-1.el9_2.1

Aliases

1. CVE-2023-22032. NVD-2023-22033. OSV-2023-2203

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.