Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-28205 (GCVE-0-2023-28205)
Vulnerability from cvelistv5 – Published: 2023-04-10 00:00 – Updated: 2025-10-21 23:15
VLAI
EPSS
CISA KEV
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Severity
8.8 (High)
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Assigner
References
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 15.7
(custom)
|
|
| Apple | Safari |
Affected:
unspecified , < 16.4
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 13.3
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 16.4
(custom)
|
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 10176a27-bbe3-46dc-bd16-bebecbfe1343
Exploited: Yes
Timestamps
First Seen: 2023-04-10
Asserted: 2023-04-10
Scope
Notes: KEV entry: Apple Multiple Products WebKit Use-After-Free Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2023-05-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213720,https://support.apple.com/en-us/HT213721,https://support.apple.com/en-us/HT213722,https://support.apple.com/en-us/HT213723; https://nvd.nist.gov/vuln/detail/CVE-2023-28205
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-416 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Multiple Products |
| Due Date | 2023-05-01 |
| Date Added | 2023-04-10 |
| Vendorproject | Apple |
| Vulnerabilityname | Apple Multiple Products WebKit Use-After-Free Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-02-02 13:25 UTC
| Updated: 2026-02-06 07:53 UTC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213723"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213722"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213721"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213720"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28205",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T21:10:57.791125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-04-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28205"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:20.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28205"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-10T00:00:00.000Z",
"value": "CVE-2023-28205 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-27T03:46:09.018Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213723"
},
{
"url": "https://support.apple.com/en-us/HT213722"
},
{
"url": "https://support.apple.com/en-us/HT213721"
},
{
"url": "https://support.apple.com/en-us/HT213720"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-28205",
"datePublished": "2023-04-10T00:00:00.000Z",
"dateReserved": "2023-03-13T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:20.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2023-28205",
"cwes": "[\"CWE-416\"]",
"dateAdded": "2023-04-10",
"dueDate": "2023-05-01",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://support.apple.com/en-us/HT213720,https://support.apple.com/en-us/HT213721,https://support.apple.com/en-us/HT213722,https://support.apple.com/en-us/HT213723; https://nvd.nist.gov/vuln/detail/CVE-2023-28205",
"product": "Multiple Products",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.",
"vendorProject": "Apple",
"vulnerabilityName": "Apple Multiple Products WebKit Use-After-Free Vulnerability"
},
"epss": {
"cve": "CVE-2023-28205",
"date": "2026-05-28",
"epss": "0.00068",
"percentile": "0.21191"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-28205\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2023-04-10T19:15:07.237\",\"lastModified\":\"2025-10-23T17:50:16.077\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2023-04-10\",\"cisaActionDue\":\"2023-05-01\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Apple Multiple Products WebKit Use-After-Free Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.4.1\",\"matchCriteriaId\":\"22BA2E4E-2C6C-47A8-810E-A67D1E8ABA88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.7.5\",\"matchCriteriaId\":\"968ADFDD-5716-4F75-BCA2-DD8486ED9618\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndExcluding\":\"16.4.1\",\"matchCriteriaId\":\"8C1711DE-4691-42B7-8661-51B11C3E5B98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.7.5\",\"matchCriteriaId\":\"CE26F1A4-8813-40E4-B939-AFC1F75953CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndExcluding\":\"16.4.1\",\"matchCriteriaId\":\"96B6C1F1-6F18-43F9-83B6-58A214525B72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.3.1\",\"matchCriteriaId\":\"39C8733E-1512-47A9-BC06-73276A0EFAF7\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT213720\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://support.apple.com/en-us/HT213721\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://support.apple.com/en-us/HT213722\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://support.apple.com/en-us/HT213723\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://support.apple.com/en-us/HT213720\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://support.apple.com/en-us/HT213721\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://support.apple.com/en-us/HT213722\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://support.apple.com/en-us/HT213723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28205\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213723\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213722\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213721\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213720\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T12:30:24.829Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-28205\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-28T21:10:57.791125Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-04-10\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28205\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-04-10T00:00:00.000Z\", \"value\": \"CVE-2023-28205 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28205\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-28T21:10:25.874Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"15.7\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"Safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"16.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"13.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"16.4\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213723\"}, {\"url\": \"https://support.apple.com/en-us/HT213722\"}, {\"url\": \"https://support.apple.com/en-us/HT213721\"}, {\"url\": \"https://support.apple.com/en-us/HT213720\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2023-07-27T03:46:09.018Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-28205\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:15:20.482Z\", \"dateReserved\": \"2023-03-13T00:00:00.000Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2023-04-10T00:00:00.000Z\", \"assignerShortName\": \"apple\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
alsa-2023:1918
Vulnerability from osv_almalinux
Published
2023-04-20 00:00
Modified
2023-04-21 08:29
Summary
Important: webkit2gtk3 security update
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- WebKitGTK: use-after-free leads to arbitrary code execution (CVE-2023-28205)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.36.7-1.el9_1.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.36.7-1.el9_1.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-jsc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.36.7-1.el9_1.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-jsc-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.36.7-1.el9_1.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* WebKitGTK: use-after-free leads to arbitrary code execution (CVE-2023-28205)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:1918",
"modified": "2023-04-21T08:29:40Z",
"published": "2023-04-20T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:1918"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-28205"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2185724"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-1918.html"
}
],
"related": [
"CVE-2023-28205"
],
"summary": "Important: webkit2gtk3 security update"
}
alsa-2023:1919
Vulnerability from osv_almalinux
Published
2023-04-20 00:00
Modified
2023-04-21 08:37
Summary
Important: webkit2gtk3 security update
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- WebKitGTK: use-after-free leads to arbitrary code execution (CVE-2023-28205)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.36.7-1.el8_7.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.36.7-1.el8_7.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-jsc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.36.7-1.el8_7.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-jsc-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.36.7-1.el8_7.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* WebKitGTK: use-after-free leads to arbitrary code execution (CVE-2023-28205)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:1919",
"modified": "2023-04-21T08:37:19Z",
"published": "2023-04-20T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:1919"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-28205"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2185724"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-1919.html"
}
],
"related": [
"CVE-2023-28205"
],
"summary": "Important: webkit2gtk3 security update"
}
alsa-2023:2653
Vulnerability from osv_almalinux
Published
2023-05-09 00:00
Modified
2023-05-11 21:21
Summary
Important: webkit2gtk3 security update
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- WebKitGTK: Regression of CVE-2023-28205 fixes in the AlmaLinux (CVE-2023-2203)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.38.5-1.el9_2.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.38.5-1.el9_2.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-jsc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.38.5-1.el9_2.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-jsc-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.38.5-1.el9_2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* WebKitGTK: Regression of CVE-2023-28205 fixes in the AlmaLinux (CVE-2023-2203)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:2653",
"modified": "2023-05-11T21:21:07Z",
"published": "2023-05-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:2653"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-2203"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188543"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-2653.html"
}
],
"related": [
"CVE-2023-28205",
"CVE-2023-2203"
],
"summary": "Important: webkit2gtk3 security update"
}
alsa-2023:3108
Vulnerability from osv_almalinux
Published
2023-05-16 00:00
Modified
2023-05-19 22:02
Summary
Important: webkit2gtk3 security update
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- WebKitGTK: Regression of CVE-2023-28205 fixes in the AlmaLinux (CVE-2023-2203)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.38.5-1.el8_8.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.38.5-1.el8_8.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-jsc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.38.5-1.el8_8.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-jsc-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.38.5-1.el8_8.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* WebKitGTK: Regression of CVE-2023-28205 fixes in the AlmaLinux (CVE-2023-2203)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:3108",
"modified": "2023-05-19T22:02:37Z",
"published": "2023-05-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:3108"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-2203"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188543"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-3108.html"
}
],
"related": [
"CVE-2023-28205",
"CVE-2023-2203"
],
"summary": "Important: webkit2gtk3 security update"
}
BDU:2023-02452
Vulnerability from fstec - Published: 10.04.2023
VLAI
Title
Уязвимость модуля отображения веб-страниц WebKit браузера Safari, операционной системы iPadOS, операционной системы iOS, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость модуля отображения веб-страниц WebKit браузера Safari, операционной системы iPadOS, операционной системы iOS связана с использованием памяти после её освобождения. Эксплуатация уязвимости может позволить нарушителю , действующему удаленно, выполнить произвольный код
Severity
Vendor
ООО «РусБИТех-Астра», Apple Inc., АО "НППКТ"
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), MacOS, Safari, iOS, iPadOS, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 13.3.1 (MacOS), до 16.4.1 (Safari), до 15.7.5 (iOS), от 16.0 до 16.4.1 (iOS), до 15.7.5 (iPadOS), от 16.0 до 16.4.1 (iPadOS), до 2.8 (ОСОН ОСнова Оnyx)
Possible Mitigations
Использование рекомендаций:
https://support.apple.com/en-us/HT213720
https://support.apple.com/en-us/HT213721
https://support.apple.com/en-us/HT213722
https://support.apple.com/en-us/HT213723
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения webkit2gtk до версии 2.38.6-0+deb10u1osnova0
Для ОС Astra Linux Special Edition для архитектуры ARM 4.7:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47
Reference
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QL5OGMSHRQ26FTYWZUXVNWB2VHOSVXK/
https://support.apple.com/en-us/HT213721
http://seclists.org/fulldisclosure/2023/Apr/1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KC7DMUX37BRCLAI4VPQYHDUVEGTNYN5A/
http://seclists.org/fulldisclosure/2023/Apr/3
https://support.apple.com/en-us/HT213722
https://support.apple.com/en-us/HT213723
https://www.debian.org/security/2023/dsa-5396
https://www.debian.org/security/2023/dsa-5397
http://www.openwall.com/lists/oss-security/2023/04/21/3
http://seclists.org/fulldisclosure/2023/Apr/2
http://seclists.org/fulldisclosure/2023/Apr/5
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OKKVEUQAAGH3NHMX3WHWKRPYU4QFKTQ/
https://support.apple.com/en-us/HT213720
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.8/
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47
https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv
CWE
CWE-416
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Apple Inc., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 13.3.1 (MacOS), \u0434\u043e 16.4.1 (Safari), \u0434\u043e 15.7.5 (iOS), \u043e\u0442 16.0 \u0434\u043e 16.4.1 (iOS), \u0434\u043e 15.7.5 (iPadOS), \u043e\u0442 16.0 \u0434\u043e 16.4.1 (iPadOS), \u0434\u043e 2.8 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://support.apple.com/en-us/HT213720\nhttps://support.apple.com/en-us/HT213721\nhttps://support.apple.com/en-us/HT213722\nhttps://support.apple.com/en-us/HT213723\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f webkit2gtk \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.38.6-0+deb10u1osnova0\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM 4.7:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.04.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "11.05.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-02452",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-28205",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), MacOS, Safari, iOS, iPadOS, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Apple Inc. MacOS \u0434\u043e 13.3.1 , Apple Inc. iOS \u0434\u043e 15.7.5 , Apple Inc. iOS \u043e\u0442 16.0 \u0434\u043e 16.4.1 , Apple Inc. iPadOS \u0434\u043e 15.7.5 , Apple Inc. iPadOS \u043e\u0442 16.0 \u0434\u043e 16.4.1 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKit \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Safari, \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b iPadOS, \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b iOS, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKit \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Safari, \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b iPadOS, \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b iOS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e , \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QL5OGMSHRQ26FTYWZUXVNWB2VHOSVXK/\nhttps://support.apple.com/en-us/HT213721\nhttp://seclists.org/fulldisclosure/2023/Apr/1\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KC7DMUX37BRCLAI4VPQYHDUVEGTNYN5A/\nhttp://seclists.org/fulldisclosure/2023/Apr/3\nhttps://support.apple.com/en-us/HT213722\nhttps://support.apple.com/en-us/HT213723\nhttps://www.debian.org/security/2023/dsa-5396\nhttps://www.debian.org/security/2023/dsa-5397\nhttp://www.openwall.com/lists/oss-security/2023/04/21/3\nhttp://seclists.org/fulldisclosure/2023/Apr/2\nhttp://seclists.org/fulldisclosure/2023/Apr/5\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OKKVEUQAAGH3NHMX3WHWKRPYU4QFKTQ/\nhttps://support.apple.com/en-us/HT213720\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.8/\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
CERTFR-2023-AVI-0296
Vulnerability from certfr_avis - Published: 2023-04-11 - Updated: 2023-04-11
De multiples vulnérabilités ont été découvertes dans les produits Apple. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.
Apple indique que ces vulnérabilités sont activement exploitées.
De plus, une preuve de concept est disponible publiquement pour la vulnérabilité CVE-2023-28206.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | iOS versions antérieures à 15.7.5 | ||
| Apple | N/A | iOS versions antérieures à 16.4.1 | ||
| Apple | Safari | Safari versions antérieures à 16.4.1 | ||
| Apple | macOS | macOS Monterey versions antérieures à 12.6.5 | ||
| Apple | macOS | macOS Big Sur versions antérieures à 11.7.6 | ||
| Apple | N/A | iPadOS versions antérieures à 15.7.5 | ||
| Apple | N/A | iPadOS versions antérieures à 16.4.1 | ||
| Apple | macOS | macOS Ventura versions antérieures à 13.3.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions ant\u00e9rieures \u00e0 15.7.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 16.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 16.4.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.6.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.7.6",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 15.7.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 16.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.3.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-28206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28206"
},
{
"name": "CVE-2023-28205",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28205"
}
],
"initial_release_date": "2023-04-11T00:00:00",
"last_revision_date": "2023-04-11T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0296",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n\nApple indique que ces vuln\u00e9rabilit\u00e9s sont activement exploit\u00e9es.\n\nDe plus, une preuve de concept est disponible publiquement pour la\nvuln\u00e9rabilit\u00e9 C\u003cspan class=\"pl-c\"\u003eVE-2023-28206.\u003c/span\u003e\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213725 du 10 avril 2023",
"url": "https://support.apple.com/en-us/HT213725"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213724 du 10 avril 2023",
"url": "https://support.apple.com/en-us/HT213724"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213720 du 07 avril 2023",
"url": "https://support.apple.com/en-us/HT213720"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213721 du 07 avril 2023",
"url": "https://support.apple.com/en-us/HT213721"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213722 du 07 avril 2023",
"url": "https://support.apple.com/en-us/HT213722"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213723 du 10 avril 2023",
"url": "https://support.apple.com/en-us/HT213723"
}
]
}
FKIE_CVE-2023-28205
Vulnerability from fkie_nvd - Published: 2023-04-10 19:15 - Updated: 2025-10-23 17:50
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
References
{
"cisaActionDue": "2023-05-01",
"cisaExploitAdd": "2023-04-10",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Apple Multiple Products WebKit Use-After-Free Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22BA2E4E-2C6C-47A8-810E-A67D1E8ABA88",
"versionEndExcluding": "16.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "968ADFDD-5716-4F75-BCA2-DD8486ED9618",
"versionEndExcluding": "15.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1711DE-4691-42B7-8661-51B11C3E5B98",
"versionEndExcluding": "16.4.1",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26F1A4-8813-40E4-B939-AFC1F75953CC",
"versionEndExcluding": "15.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96B6C1F1-6F18-43F9-83B6-58A214525B72",
"versionEndExcluding": "16.4.1",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39C8733E-1512-47A9-BC06-73276A0EFAF7",
"versionEndExcluding": "13.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
],
"id": "CVE-2023-28205",
"lastModified": "2025-10-23T17:50:16.077",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-10T19:15:07.237",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Release Notes"
],
"url": "https://support.apple.com/en-us/HT213720"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes"
],
"url": "https://support.apple.com/en-us/HT213721"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes"
],
"url": "https://support.apple.com/en-us/HT213722"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes"
],
"url": "https://support.apple.com/en-us/HT213723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://support.apple.com/en-us/HT213720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://support.apple.com/en-us/HT213721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://support.apple.com/en-us/HT213722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://support.apple.com/en-us/HT213723"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28205"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-6QJH-P74Q-89MV
Vulnerability from github – Published: 2023-04-10 21:30 – Updated: 2025-10-22 00:32
VLAI
Details
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Severity
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2023-28205"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-10T19:15:00Z",
"severity": "HIGH"
},
"details": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",
"id": "GHSA-6qjh-p74q-89mv",
"modified": "2025-10-22T00:32:43Z",
"published": "2023-04-10T21:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28205"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00011.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OKKVEUQAAGH3NHMX3WHWKRPYU4QFKTQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QL5OGMSHRQ26FTYWZUXVNWB2VHOSVXK"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KC7DMUX37BRCLAI4VPQYHDUVEGTNYN5A"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-32"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213720"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213721"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213722"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213723"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28205"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5396"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5397"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Apr/1"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Apr/2"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Apr/3"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Apr/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/04/21/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2023-28205
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-28205",
"id": "GSD-2023-28205"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-28205"
],
"details": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",
"id": "GSD-2023-28205",
"modified": "2023-12-13T01:20:48.446795Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2023-28205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "15.7"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "16.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "13.3"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT213723",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213723"
},
{
"name": "https://support.apple.com/en-us/HT213722",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213722"
},
{
"name": "https://support.apple.com/en-us/HT213721",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213721"
},
{
"name": "https://support.apple.com/en-us/HT213720",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213720"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.4.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.3.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.7.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.7.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.4.1",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.4.1",
"versionStartIncluding": "16.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2023-28205"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT213722",
"refsource": "MISC",
"tags": [
"Release Notes"
],
"url": "https://support.apple.com/en-us/HT213722"
},
{
"name": "https://support.apple.com/en-us/HT213723",
"refsource": "MISC",
"tags": [
"Release Notes"
],
"url": "https://support.apple.com/en-us/HT213723"
},
{
"name": "https://support.apple.com/en-us/HT213720",
"refsource": "MISC",
"tags": [
"Release Notes"
],
"url": "https://support.apple.com/en-us/HT213720"
},
{
"name": "https://support.apple.com/en-us/HT213721",
"refsource": "MISC",
"tags": [
"Release Notes"
],
"url": "https://support.apple.com/en-us/HT213721"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-07-27T04:15Z",
"publishedDate": "2023-04-10T19:15Z"
}
}
}
RHSA-2023:1918
Vulnerability from csaf_redhat - Published: 2023-04-20 14:36 - Updated: 2025-11-21 18:39Summary
Red Hat Security Advisory: webkit2gtk3 security update
Severity
Important
Notes
Topic: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* WebKitGTK: use-after-free leads to arbitrary code execution (CVE-2023-28205)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the webkitgtk package. An improper input validation issue may lead to a use-after-free vulnerability. This vulnerability allows attackers with network access to pass specially crafted web content files, causing Denial of Service or Arbitrary Code Execution.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* WebKitGTK: use-after-free leads to arbitrary code execution (CVE-2023-28205)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1918",
"url": "https://access.redhat.com/errata/RHSA-2023:1918"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2185724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185724"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1918.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2025-11-21T18:39:35+00:00",
"generator": {
"date": "2025-11-21T18:39:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2023:1918",
"initial_release_date": "2023-04-20T14:36:21+00:00",
"revision_history": [
{
"date": "2023-04-20T14:36:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-04-20T14:36:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:39:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.36.7-1.el9_1.3.src",
"product": {
"name": "webkit2gtk3-0:2.36.7-1.el9_1.3.src",
"product_id": "webkit2gtk3-0:2.36.7-1.el9_1.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el9_1.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.36.7-1.el9_1.3.aarch64",
"product": {
"name": "webkit2gtk3-0:2.36.7-1.el9_1.3.aarch64",
"product_id": "webkit2gtk3-0:2.36.7-1.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el9_1.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.aarch64",
"product_id": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el9_1.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el9_1.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el9_1.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el9_1.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el9_1.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el9_1.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el9_1.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el9_1.3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.36.7-1.el9_1.3.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.36.7-1.el9_1.3.ppc64le",
"product_id": "webkit2gtk3-0:2.36.7-1.el9_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el9_1.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el9_1.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el9_1.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el9_1.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el9_1.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el9_1.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el9_1.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el9_1.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el9_1.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.36.7-1.el9_1.3.i686",
"product": {
"name": "webkit2gtk3-0:2.36.7-1.el9_1.3.i686",
"product_id": "webkit2gtk3-0:2.36.7-1.el9_1.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el9_1.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.i686",
"product_id": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el9_1.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.i686",
"product_id": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el9_1.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el9_1.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.i686",
"product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el9_1.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el9_1.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el9_1.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el9_1.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el9_1.3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.36.7-1.el9_1.3.x86_64",
"product": {
"name": "webkit2gtk3-0:2.36.7-1.el9_1.3.x86_64",
"product_id": "webkit2gtk3-0:2.36.7-1.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el9_1.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.x86_64",
"product_id": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el9_1.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el9_1.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el9_1.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el9_1.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el9_1.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el9_1.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el9_1.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el9_1.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.36.7-1.el9_1.3.s390x",
"product": {
"name": "webkit2gtk3-0:2.36.7-1.el9_1.3.s390x",
"product_id": "webkit2gtk3-0:2.36.7-1.el9_1.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el9_1.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.s390x",
"product_id": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el9_1.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.s390x",
"product_id": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el9_1.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el9_1.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el9_1.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el9_1.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el9_1.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el9_1.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el9_1.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.36.7-1.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.aarch64"
},
"product_reference": "webkit2gtk3-0:2.36.7-1.el9_1.3.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.36.7-1.el9_1.3.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.i686"
},
"product_reference": "webkit2gtk3-0:2.36.7-1.el9_1.3.i686",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.36.7-1.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.36.7-1.el9_1.3.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.36.7-1.el9_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.s390x"
},
"product_reference": "webkit2gtk3-0:2.36.7-1.el9_1.3.s390x",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.36.7-1.el9_1.3.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.src"
},
"product_reference": "webkit2gtk3-0:2.36.7-1.el9_1.3.src",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.36.7-1.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.x86_64"
},
"product_reference": "webkit2gtk3-0:2.36.7-1.el9_1.3.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.i686",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.i686",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.s390x",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.i686",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.s390x",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.36.7-1.el9_1.3.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.i686",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.i686",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.s390x",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.i686",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.i686",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.s390x",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.i686",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28205",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-04-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185724"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the webkitgtk package. An improper input validation issue may lead to a use-after-free vulnerability. This vulnerability allows attackers with network access to pass specially crafted web content files, causing Denial of Service or Arbitrary Code Execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "WebKitGTK: use-after-free leads to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is not aware of any exploitation of this flaw in Linux platforms at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.src",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28205"
},
{
"category": "external",
"summary": "RHBZ#2185724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185724"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28205",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28205"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28205",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28205"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-6qjh-p74q-89mv",
"url": "https://github.com/advisories/GHSA-6qjh-p74q-89mv"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-20T14:36:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.src",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1918"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.src",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el9_1.3.x86_64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.aarch64",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.i686",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.ppc64le",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.s390x",
"AppStream-9.1.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9_1.3.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-04-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "WebKitGTK: use-after-free leads to arbitrary code execution"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…