Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-42950 (GCVE-0-2023-42950)
Vulnerability from cvelistv5 – Published: 2024-03-28 15:39 – Updated: 2025-11-03 21:49
VLAI
EPSS
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Severity
8.8 (High)
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution
Assigner
References
8 references
Impacted products
5 products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:49:36.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214039"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214035"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214040"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214036"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214041"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214039"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241018-0009/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "safari",
"vendor": "apple",
"versions": [
{
"lessThan": "17.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipad_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:apple:watchos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "watchos",
"vendor": "apple",
"versions": [
{
"lessThan": "10.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T17:46:25.004934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T15:40:20.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T09:06:23.795Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT214039"
},
{
"url": "https://support.apple.com/en-us/HT214035"
},
{
"url": "https://support.apple.com/en-us/HT214040"
},
{
"url": "https://support.apple.com/en-us/HT214036"
},
{
"url": "https://support.apple.com/en-us/HT214041"
},
{
"url": "https://support.apple.com/kb/HT214039"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-42950",
"datePublished": "2024-03-28T15:39:16.227Z",
"dateReserved": "2023-09-14T19:05:11.474Z",
"dateUpdated": "2025-11-03T21:49:36.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-42950",
"date": "2026-05-29",
"epss": "0.00645",
"percentile": "0.71013"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-42950\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2024-03-28T16:15:08.313\",\"lastModified\":\"2025-11-03T22:16:27.070\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Se solucion\u00f3 un problema de use after free con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en Safari 17.2, iOS 17.2 y iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. El procesamiento de contenido web creado con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.2\",\"matchCriteriaId\":\"A894FAB1-74AE-4B4F-A005-ED6A67606414\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.2\",\"matchCriteriaId\":\"C4117208-4072-4F4C-AC42-97683B6F8FF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.2\",\"matchCriteriaId\":\"00FC779B-E45C-4B34-976F-490C38C22C67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.2\",\"matchCriteriaId\":\"6892DEBD-024E-414B-9282-DCCCF23A3BDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.2\",\"matchCriteriaId\":\"780F2778-8AE1-4C48-8ADF-D4B7D44C3987\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.2\",\"matchCriteriaId\":\"1183933F-F52A-45A7-B118-FC8B8BDD5509\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/26/1\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT214035\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214036\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214039\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214040\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214041\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214039\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/26/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20241018-0009/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/en-us/HT214035\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214036\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214040\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214041\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/en-us/HT214039\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT214035\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT214040\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT214036\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT214041\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT214039\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/26/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20241018-0009/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:49:36.789Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-42950\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-28T17:46:25.004934Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"17.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"iphone_os\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"17.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"ipad_os\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"17.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"tvos\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"17.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"macos\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"14.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:apple:watchos:*:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"watchos\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"10.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-09T15:37:16.135Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"Safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"17.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"17.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"17.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"14.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"10.2\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/HT214039\"}, {\"url\": \"https://support.apple.com/en-us/HT214035\"}, {\"url\": \"https://support.apple.com/en-us/HT214040\"}, {\"url\": \"https://support.apple.com/en-us/HT214036\"}, {\"url\": \"https://support.apple.com/en-us/HT214041\"}, {\"url\": \"https://support.apple.com/kb/HT214039\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/26/1\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Processing maliciously crafted web content may lead to arbitrary code execution\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2024-06-12T09:06:23.795Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-42950\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:49:36.789Z\", \"dateReserved\": \"2023-09-14T19:05:11.474Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2024-03-28T15:39:16.227Z\", \"assignerShortName\": \"apple\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
alsa-2024:9144
Vulnerability from osv_almalinux
Published
2024-11-12 00:00
Modified
2024-11-19 06:23
Summary
Important: webkit2gtk3 security update
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- webkit: visiting a malicious website may lead to address bar spoofing (CVE-2023-42843)
- webkit: heap use-after-free may lead to arbitrary code execution (CVE-2023-42950)
- webkit: processing malicious web content may lead to a denial of service (CVE-2023-42956)
- chromium-browser: Use after free in ANGLE (CVE-2024-4558)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.44.3-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.44.3-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-jsc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.44.3-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-jsc-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.44.3-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. \n\nSecurity Fix(es): \n\n * webkit: visiting a malicious website may lead to address bar spoofing (CVE-2023-42843)\n * webkit: heap use-after-free may lead to arbitrary code execution (CVE-2023-42950)\n * webkit: processing malicious web content may lead to a denial of service (CVE-2023-42956)\n * chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\nAdditional Changes: \n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.\n",
"id": "ALSA-2024:9144",
"modified": "2024-11-19T06:23:59Z",
"published": "2024-11-12T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:9144"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-42843"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-42950"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-42956"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2271717"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2271718"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2271719"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2279689"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-9144.html"
}
],
"related": [
"CVE-2023-42843",
"CVE-2023-42950",
"CVE-2023-42956",
"CVE-2024-4558"
],
"summary": "Important: webkit2gtk3 security update"
}
Title
Уязвимость модулей отображения веб-страниц WebKitGTK и WPE WebKit операционных систем iOS, iPadOS, tvOS, macOS, watchOS, браузера Safari, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость модулей отображения веб-страниц WebKitGTK+ и WPE WebKit операционных систем iOS, iPadOS, tvOS, macOS, watchOS, браузера Safari связана с использованием памяти после её освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код
Severity
Vendor
ООО «РусБИТех-Астра», Apple Inc., Сообщество свободного программного обеспечения, АО "НППКТ", Axiom JDK
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), watchOS, tvOS, MacOS, Safari, iOS, iPadOS, WPE WebKit, WebKitGTK, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), Axiom AxiomJDK
Software Version
1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 10.2 (watchOS), до 17.2 (tvOS), до Sonoma 14.2 (MacOS), до 17.2 (Safari), до 17.2 (iOS), до 17.2 (iPadOS), до 2.44.0 (WPE WebKit), до 2.44.0 (WebKitGTK), до 2.11 (ОСОН ОСнова Оnyx), до 11.0.24.0.1 (Axiom AxiomJDK), до 17.0.12.0.1 (Axiom AxiomJDK), до 21.0.4.0.1 (Axiom AxiomJDK)
Possible Mitigations
Использование рекомендаций
Для программных продуктов Apple Inc.:
https://support.apple.com/en-us/HT214035
https://support.apple.com/en-us/HT214036
https://support.apple.com/en-us/HT214039
https://support.apple.com/en-us/HT214040
https://support.apple.com/en-us/HT214041
Для WebKitGTK и WPE WebKit:
https://wpewebkit.org/security/WSA-2024-0002.html
Для ОСОН ОСнова Оnyx (2.11):
Обновление программного обеспечения webkit2gtk до версии 2.44.2-1~deb11u1.osnova1
Для ОС Astra Linux:
обновить пакет webkit2gtk до 2.44.2-1~deb11u1+ci202406131437+astra4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
Для Astra Linux Special Edition 4.7 для архитектуры ARM:
обновить пакет webkit2gtk до 2.44.2-1~deb11u1+ci202406131437+astra4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47
Для AxiomJDK:
https://axiomjdk.ru/pages/downloads/
Reference
https://safe-surf.ru/upload/VULN-new/VULN.2024-03-25.1.pdf
https://wpewebkit.org/security/WSA-2024-0002.html
https://support.apple.com/en-us/HT214035
https://support.apple.com/en-us/HT214036
https://support.apple.com/en-us/HT214039
https://support.apple.com/en-us/HT214040
https://support.apple.com/en-us/HT214041
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.11/
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47
https://axiomjdk.ru/pages/downloads/
CWE
CWE-416
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Apple Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", Axiom JDK",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 10.2 (watchOS), \u0434\u043e 17.2 (tvOS), \u0434\u043e Sonoma 14.2 (MacOS), \u0434\u043e 17.2 (Safari), \u0434\u043e 17.2 (iOS), \u0434\u043e 17.2 (iPadOS), \u0434\u043e 2.44.0 (WPE WebKit), \u0434\u043e 2.44.0 (WebKitGTK), \u0434\u043e 2.11 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 11.0.24.0.1 (Axiom AxiomJDK), \u0434\u043e 17.0.12.0.1 (Axiom AxiomJDK), \u0434\u043e 21.0.4.0.1 (Axiom AxiomJDK)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Apple Inc.:\nhttps://support.apple.com/en-us/HT214035\nhttps://support.apple.com/en-us/HT214036\nhttps://support.apple.com/en-us/HT214039\nhttps://support.apple.com/en-us/HT214040\nhttps://support.apple.com/en-us/HT214041\n\n\u0414\u043b\u044f WebKitGTK \u0438 WPE WebKit:\nhttps://wpewebkit.org/security/WSA-2024-0002.html\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (2.11):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f webkit2gtk \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.44.2-1~deb11u1.osnova1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 webkit2gtk \u0434\u043e 2.44.2-1~deb11u1+ci202406131437+astra4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 webkit2gtk \u0434\u043e 2.44.2-1~deb11u1+ci202406131437+astra4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n\n\u0414\u043b\u044f AxiomJDK:\nhttps://axiomjdk.ru/pages/downloads/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "25.03.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "31.01.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "02.04.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-02479",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-42950",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), watchOS, tvOS, MacOS, Safari, iOS, iPadOS, WPE WebKit, WebKitGTK, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Axiom AxiomJDK",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Apple Inc. watchOS \u0434\u043e 10.2 , Apple Inc. tvOS \u0434\u043e 17.2 , Apple Inc. MacOS \u0434\u043e Sonoma 14.2 , Apple Inc. iOS \u0434\u043e 17.2 , Apple Inc. iPadOS \u0434\u043e 17.2 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.11 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0435\u0439 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK \u0438 WPE WebKit \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c iOS, iPadOS, tvOS, macOS, watchOS, \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Safari, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0435\u0439 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK+ \u0438 WPE WebKit \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c iOS, iPadOS, tvOS, macOS, watchOS, \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Safari \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://safe-surf.ru/upload/VULN-new/VULN.2024-03-25.1.pdf\nhttps://wpewebkit.org/security/WSA-2024-0002.html\nhttps://support.apple.com/en-us/HT214035\nhttps://support.apple.com/en-us/HT214036\nhttps://support.apple.com/en-us/HT214039\nhttps://support.apple.com/en-us/HT214040\nhttps://support.apple.com/en-us/HT214041\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.11/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\nhttps://axiomjdk.ru/pages/downloads/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
bit-java-2023-42950
Vulnerability from bitnami_vulndb
Published
2026-05-06 14:44
Modified
2026-05-08 06:11
Summary
Details
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "java",
"purl": "pkg:bitnami/java"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.0"
},
{
"introduced": "1.9.0"
},
{
"fixed": "8.0.431"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2023-42950"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:bellsoft:libericajdk:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "BIT-java-2023-42950",
"modified": "2026-05-08T06:11:36.072Z",
"published": "2026-05-06T14:44:05.128Z",
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42950"
},
{
"type": "WEB",
"url": "https://openjdk.org/groups/vulnerability/advisories/2024-10-15"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241018-0009/"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214035"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214036"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214039"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214040"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214041"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214039"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
],
"schema_version": "1.6.2"
}
bit-jre-2023-42950
Vulnerability from bitnami_vulndb
Published
2026-05-08 05:45
Modified
2026-05-08 06:11
Summary
Details
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "jre",
"purl": "pkg:bitnami/jre"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.0"
},
{
"introduced": "1.9.0"
},
{
"fixed": "8.0.431"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2023-42950"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:bellsoft:libericajre:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "BIT-jre-2023-42950",
"modified": "2026-05-08T06:11:36.072Z",
"published": "2026-05-08T05:45:40.029Z",
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42950"
},
{
"type": "WEB",
"url": "https://openjdk.org/groups/vulnerability/advisories/2024-10-15"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241018-0009/"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214035"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214036"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214039"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214040"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214041"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214039"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
],
"schema_version": "1.6.2"
}
CERTFR-2024-AVI-0883
Vulnerability from certfr_avis - Published: 2024-10-16 - Updated: 2024-10-16
De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle GraalVM Enterprise Edition versions 20.3.15 et 21.3.11 ",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle GraalVM for JDK versions 17.0.12, 21.0.4 et 23",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE versions 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 et 23",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-36138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
},
{
"name": "CVE-2024-21211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21211"
},
{
"name": "CVE-2023-42956",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42956"
},
{
"name": "CVE-2024-23280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23280"
},
{
"name": "CVE-2024-23252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23252"
},
{
"name": "CVE-2024-27834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27834"
},
{
"name": "CVE-2024-23254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23254"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2023-42843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42843"
},
{
"name": "CVE-2023-42950",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42950"
},
{
"name": "CVE-2024-23263",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23263"
},
{
"name": "CVE-2024-23284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23284"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
}
],
"initial_release_date": "2024-10-16T00:00:00",
"last_revision_date": "2024-10-16T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0883",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
"vendor_advisories": [
{
"published_at": "2024-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle Java SE cpuoct2024",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
]
}
FKIE_CVE-2023-42950
Vulnerability from fkie_nvd - Published: 2024-03-28 16:15 - Updated: 2025-11-03 22:16
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | http://www.openwall.com/lists/oss-security/2024/03/26/1 | ||
| product-security@apple.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/ | ||
| product-security@apple.com | https://support.apple.com/en-us/HT214035 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT214036 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT214039 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT214040 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT214041 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/kb/HT214039 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/03/26/1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20241018-0009/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT214035 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT214036 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT214039 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT214040 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT214041 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT214039 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A894FAB1-74AE-4B4F-A005-ED6A67606414",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4117208-4072-4F4C-AC42-97683B6F8FF5",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00FC779B-E45C-4B34-976F-490C38C22C67",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD",
"versionEndExcluding": "14.2",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "780F2778-8AE1-4C48-8ADF-D4B7D44C3987",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1183933F-F52A-45A7-B118-FC8B8BDD5509",
"versionEndExcluding": "10.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de use after free con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en Safari 17.2, iOS 17.2 y iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. El procesamiento de contenido web creado con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2023-42950",
"lastModified": "2025-11-03T22:16:27.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-28T16:15:08.313",
"references": [
{
"source": "product-security@apple.com",
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"source": "product-security@apple.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214035"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214036"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214039"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214040"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214041"
},
{
"source": "product-security@apple.com",
"url": "https://support.apple.com/kb/HT214039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20241018-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/kb/HT214039"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-6CVP-282G-6JP8
Vulnerability from github – Published: 2024-03-28 18:30 – Updated: 2025-11-04 00:30
VLAI
Details
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Severity
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2023-42950"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-28T16:15:08Z",
"severity": "HIGH"
},
"details": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "GHSA-6cvp-282g-6jp8",
"modified": "2025-11-04T00:30:48Z",
"published": "2024-03-28T18:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42950"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241018-0009"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214035"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214036"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214039"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214040"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214041"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214039"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2023-42950
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-42950",
"id": "GSD-2023-42950"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-42950"
],
"details": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "GSD-2023-42950",
"modified": "2023-12-13T01:20:21.493094Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2023-42950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "17.2"
}
]
}
},
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "17.2"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "17.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "14.2"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "10.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT214039",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT214039"
},
{
"name": "https://support.apple.com/en-us/HT214035",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT214035"
},
{
"name": "https://support.apple.com/en-us/HT214040",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT214040"
},
{
"name": "https://support.apple.com/en-us/HT214036",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT214036"
},
{
"name": "https://support.apple.com/en-us/HT214041",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT214041"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A894FAB1-74AE-4B4F-A005-ED6A67606414",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4117208-4072-4F4C-AC42-97683B6F8FF5",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00FC779B-E45C-4B34-976F-490C38C22C67",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD",
"versionEndExcluding": "14.2",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "780F2778-8AE1-4C48-8ADF-D4B7D44C3987",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1183933F-F52A-45A7-B118-FC8B8BDD5509",
"versionEndExcluding": "10.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de use after free con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en Safari 17.2, iOS 17.2 y iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. El procesamiento de contenido web creado con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2023-42950",
"lastModified": "2024-04-08T22:48:38.313",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-28T16:15:08.313",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214035"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214036"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214039"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214040"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214041"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
NCSC-2024-0419
Vulnerability from csaf_ncscnl - Published: 2024-10-17 13:20 - Updated: 2024-10-17 13:20Summary
Kwetsbaarheden verholpen in Oracle Java
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in Java SE en GraalVM.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipuleren van data
- Uitvoer van willekeurige code (Gebruikersrechten)
- Toegang tot gevoelige gegevens
Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden om onvertrouwde code te importeren en uitvoeren. Deze kwetsbaarheden vormen daarom met name een risico voor ontwikkelaars en (lokale) gebruikers met rechten om code te importeren en uitvoeren.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-130: Improper Handling of Length Parameter Inconsistency
CWE-195: Signed to Unsigned Conversion Error
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-190: Integer Overflow or Wraparound
CWE-416: Use After Free
CWE-122: Heap-based Buffer Overflow
CWE-789: Memory Allocation with Excessive Size Value
7.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*
|
— |
8.8 (High)
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— |
CWE-130
- Improper Handling of Length Parameter Inconsistency
Affected products
Known affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421-perf:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:perf:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— |
CWE-190
- Integer Overflow or Wraparound
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421-perf:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:perf:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— |
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
graalvm
oracle_corporation
|
cpe:2.3:a:oracle_corporation:graalvm:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle_corporation
|
cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle_corporation
|
cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle_corporation
|
cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle_corporation
|
cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle_corporation
|
cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— |
CWE-789
- Memory Allocation with Excessive Size Value
Affected products
Known affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421-perf:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:perf:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— |
4.8 (Medium)
Affected products
Known affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421-perf:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:perf:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.10:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.2:*:*:*:*:*:*:*
|
— | |
|
database_server
oracle
|
cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_for_jdk22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.14:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.10:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.3:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_for_jdk22.0.1:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:11.0.23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:17.0.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:21.0.3:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:22.0.1:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u411:*:*:*:*:*:*:*
|
— |
CWE-77
- Improper Neutralization of Special Elements used in a Command ('Command Injection')
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— |
References
10 references
| URL | Category |
|---|---|
| https://www.oracle.com/security-alerts/cpuoct2024.html | external |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2023… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2023… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Java SE en GraalVM.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Toegang tot gevoelige gegevens\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden om onvertrouwde code te importeren en uitvoeren. Deze kwetsbaarheden vormen daarom met name een risico voor ontwikkelaars en (lokale) gebruikers met rechten om code te importeren en uitvoeren.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "general",
"text": "Signed to Unsigned Conversion Error",
"title": "CWE-195"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; hkcert; nvd; oracle; redhat",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Java",
"tracking": {
"current_release_date": "2024-10-17T13:20:07.759085Z",
"id": "NCSC-2024-0419",
"initial_release_date": "2024-10-17T13:20:07.759085Z",
"revision_history": [
{
"date": "2024-10-17T13:20:07.759085Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673125",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673121",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673122",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673123",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673120",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_java_se_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673115",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673116",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673112",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673113",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673114",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673108",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673109",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673110",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673111",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673107",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421-perf:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673106",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673124",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle_corporation"
},
{
"branches": [
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912046",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1503299",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1673300",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912045",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1503302",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1673301",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912044",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1503306",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1673304",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912600",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912601",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1457455",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1672740",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673407",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1672742",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673406",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_server",
"product": {
"name": "database_server",
"product_id": "CSAFPID-1503604",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-550274",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912051",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503300",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:11.0.23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673306",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912050",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503304",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:17.0.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673303",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912049",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503305",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:21.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673305",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503307",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:22.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912048",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673302",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912047",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503308",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:8u411:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1672741",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673439",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912602",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503647",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.14:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503648",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912603",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912604",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503649",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912605",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503650",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503651",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk22.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912606",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674674",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674680",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674673",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674675",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674672",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674681",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674676",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674678",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674677",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674679",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-220891",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:perf:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-7104",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1672741"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-7104",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7104.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1672741"
]
}
],
"title": "CVE-2023-7104"
},
{
"cve": "CVE-2023-42950",
"product_status": {
"known_affected": [
"CSAFPID-1672741",
"CSAFPID-1673406",
"CSAFPID-1673407",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-42950",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42950.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1672741",
"CSAFPID-1673406",
"CSAFPID-1673407",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2023-42950"
},
{
"cve": "CVE-2024-21208",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673300",
"CSAFPID-1673301",
"CSAFPID-1673302",
"CSAFPID-1673303",
"CSAFPID-1673304",
"CSAFPID-1673305",
"CSAFPID-1672741",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21208",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21208.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673300",
"CSAFPID-1673301",
"CSAFPID-1673302",
"CSAFPID-1673303",
"CSAFPID-1673304",
"CSAFPID-1673305",
"CSAFPID-1672741",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21208"
},
{
"cve": "CVE-2024-21210",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673305",
"CSAFPID-1672741",
"CSAFPID-1673303",
"CSAFPID-1673302",
"CSAFPID-1673306",
"CSAFPID-220891",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21210",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21210.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673305",
"CSAFPID-1672741",
"CSAFPID-1673303",
"CSAFPID-1673302",
"CSAFPID-1673306",
"CSAFPID-220891",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21210"
},
{
"cve": "CVE-2024-21211",
"product_status": {
"known_affected": [
"CSAFPID-1673120",
"CSAFPID-1673121",
"CSAFPID-1673122",
"CSAFPID-1673123",
"CSAFPID-1673124",
"CSAFPID-1673125",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673300",
"CSAFPID-1673302",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21211",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21211.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673120",
"CSAFPID-1673121",
"CSAFPID-1673122",
"CSAFPID-1673123",
"CSAFPID-1673124",
"CSAFPID-1673125",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673300",
"CSAFPID-1673302",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21211"
},
{
"cve": "CVE-2024-21217",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673305",
"CSAFPID-1673302",
"CSAFPID-1673303",
"CSAFPID-1672741",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673300",
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21217",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21217.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673305",
"CSAFPID-1673302",
"CSAFPID-1673303",
"CSAFPID-1672741",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673300",
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21217"
},
{
"cve": "CVE-2024-21235",
"cwe": {
"id": "CWE-195",
"name": "Signed to Unsigned Conversion Error"
},
"notes": [
{
"category": "other",
"text": "Signed to Unsigned Conversion Error",
"title": "CWE-195"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673305",
"CSAFPID-1673302",
"CSAFPID-1673301",
"CSAFPID-1672741",
"CSAFPID-1673300",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673304",
"CSAFPID-1673303",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21235",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21235.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673305",
"CSAFPID-1673302",
"CSAFPID-1673301",
"CSAFPID-1672741",
"CSAFPID-1673300",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673304",
"CSAFPID-1673303",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21235"
},
{
"cve": "CVE-2024-25062",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1672741",
"CSAFPID-1673406",
"CSAFPID-1673407",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681",
"CSAFPID-550274",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912047",
"CSAFPID-912048",
"CSAFPID-912049",
"CSAFPID-912050",
"CSAFPID-912051",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-912602",
"CSAFPID-912603",
"CSAFPID-912604",
"CSAFPID-912605",
"CSAFPID-1503604",
"CSAFPID-912606",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503647",
"CSAFPID-1503648",
"CSAFPID-1503649",
"CSAFPID-1503650",
"CSAFPID-1503651",
"CSAFPID-1503300",
"CSAFPID-1503304",
"CSAFPID-1503305",
"CSAFPID-1503307",
"CSAFPID-1503308"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25062",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1672741",
"CSAFPID-1673406",
"CSAFPID-1673407",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681",
"CSAFPID-550274",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912047",
"CSAFPID-912048",
"CSAFPID-912049",
"CSAFPID-912050",
"CSAFPID-912051",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-912602",
"CSAFPID-912603",
"CSAFPID-912604",
"CSAFPID-912605",
"CSAFPID-1503604",
"CSAFPID-912606",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503647",
"CSAFPID-1503648",
"CSAFPID-1503649",
"CSAFPID-1503650",
"CSAFPID-1503651",
"CSAFPID-1503300",
"CSAFPID-1503304",
"CSAFPID-1503305",
"CSAFPID-1503307",
"CSAFPID-1503308"
]
}
],
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-36138",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1673300",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-36138",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36138.json"
}
],
"title": "CVE-2024-36138"
}
]
}
RHSA-2024:9144
Vulnerability from csaf_redhat - Published: 2024-11-12 09:09 - Updated: 2026-04-13 08:44Summary
Red Hat Security Advisory: webkit2gtk3 security update
Severity
Important
Notes
Topic: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkit: visiting a malicious website may lead to address bar spoofing (CVE-2023-42843)
* webkit: heap use-after-free may lead to arbitrary code execution (CVE-2023-42950)
* webkit: processing malicious web content may lead to a denial of service (CVE-2023-42956)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in WebKit that may allow a remote attacker to conduct spoofing attacks by exploiting an inconsistent user interface issue. By tricking a victim into visiting a specially crafted website, the attacker could perform address bar spoofing.
5.4 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A heap use-after-free vulnerability was found in WebKit. Exploiting this flaw involves processing maliciously crafted web content, which may result in arbitrary code execution.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in WebKit. This issue may allow an attacker to trigger a denial of service condition by convincing a victim to visit a specially crafted website.
6.5 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
There's a flaw in the Angle package where processing maliciously crafted web content may lead to a use-after-free. A remote attacker may leverage that to exploit heap corruption related bugs, such as crashing the application or remote code execution.
7.0 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
31 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:9144 | self |
| https://docs.redhat.com/en/documentation/red_hat_… | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2271717 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2271718 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2271719 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2279689 | external |
| https://issues.redhat.com/browse/RHEL-32578 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2023-42843 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2271717 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-42843 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-42843 | external |
| https://webkitgtk.org/security/WSA-2024-0002.html | external |
| https://access.redhat.com/security/cve/CVE-2023-42950 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2271718 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-42950 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-42950 | external |
| https://access.redhat.com/security/cve/CVE-2023-42956 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2271719 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-42956 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-42956 | external |
| https://access.redhat.com/security/cve/CVE-2023-43010 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2448778 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-43010 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-43010 | external |
| https://webkitgtk.org/security/WSA-2026-0001.html | external |
| https://access.redhat.com/security/cve/CVE-2024-4558 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2279689 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-4558 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-4558 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkit: visiting a malicious website may lead to address bar spoofing (CVE-2023-42843)\n\n* webkit: heap use-after-free may lead to arbitrary code execution (CVE-2023-42950)\n\n* webkit: processing malicious web content may lead to a denial of service (CVE-2023-42956)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:9144",
"url": "https://access.redhat.com/errata/RHSA-2024:9144"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.5_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.5_release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271717",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271717"
},
{
"category": "external",
"summary": "2271718",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271718"
},
{
"category": "external",
"summary": "2271719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271719"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "RHEL-32578",
"url": "https://issues.redhat.com/browse/RHEL-32578"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9144.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2026-04-13T08:44:39+00:00",
"generator": {
"date": "2026-04-13T08:44:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2024:9144",
"initial_release_date": "2024-11-12T09:09:11+00:00",
"revision_history": [
{
"date": "2024-11-12T09:09:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-12T09:09:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-13T08:44:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.44.3-2.el9.src",
"product": {
"name": "webkit2gtk3-0:2.44.3-2.el9.src",
"product_id": "webkit2gtk3-0:2.44.3-2.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.44.3-2.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.44.3-2.el9.aarch64",
"product": {
"name": "webkit2gtk3-0:2.44.3-2.el9.aarch64",
"product_id": "webkit2gtk3-0:2.44.3-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.44.3-2.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"product_id": "webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.44.3-2.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.44.3-2.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.44.3-2.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.44.3-2.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.44.3-2.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.44.3-2.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.44.3-2.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.44.3-2.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"product_id": "webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.44.3-2.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.44.3-2.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.44.3-2.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.44.3-2.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.44.3-2.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.44.3-2.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.44.3-2.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.44.3-2.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.44.3-2.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.44.3-2.el9.i686",
"product": {
"name": "webkit2gtk3-0:2.44.3-2.el9.i686",
"product_id": "webkit2gtk3-0:2.44.3-2.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.44.3-2.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"product_id": "webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.44.3-2.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"product_id": "webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.44.3-2.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.44.3-2.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"product_id": "webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.44.3-2.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.44.3-2.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.44.3-2.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.44.3-2.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.44.3-2.el9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.44.3-2.el9.x86_64",
"product": {
"name": "webkit2gtk3-0:2.44.3-2.el9.x86_64",
"product_id": "webkit2gtk3-0:2.44.3-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.44.3-2.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"product_id": "webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.44.3-2.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.44.3-2.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.44.3-2.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.44.3-2.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.44.3-2.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.44.3-2.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.44.3-2.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.44.3-2.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.44.3-2.el9.s390x",
"product": {
"name": "webkit2gtk3-0:2.44.3-2.el9.s390x",
"product_id": "webkit2gtk3-0:2.44.3-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.44.3-2.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"product_id": "webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.44.3-2.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"product_id": "webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.44.3-2.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.44.3-2.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.44.3-2.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.44.3-2.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.44.3-2.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.44.3-2.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.44.3-2.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.44.3-2.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64"
},
"product_reference": "webkit2gtk3-0:2.44.3-2.el9.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.44.3-2.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686"
},
"product_reference": "webkit2gtk3-0:2.44.3-2.el9.i686",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.44.3-2.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.44.3-2.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x"
},
"product_reference": "webkit2gtk3-0:2.44.3-2.el9.s390x",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.44.3-2.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src"
},
"product_reference": "webkit2gtk3-0:2.44.3-2.el9.src",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.44.3-2.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64"
},
"product_reference": "webkit2gtk3-0:2.44.3-2.el9.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.44.3-2.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.44.3-2.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.44.3-2.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.44.3-2.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.44.3-2.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.44.3-2.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.44.3-2.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42843",
"discovery_date": "2024-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271717"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKit that may allow a remote attacker to conduct spoofing attacks by exploiting an inconsistent user interface issue. By tricking a victim into visiting a specially crafted website, the attacker could perform address bar spoofing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkit: visiting a malicious website may lead to address bar spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42843"
},
{
"category": "external",
"summary": "RHBZ#2271717",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271717"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42843"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0002.html",
"url": "https://webkitgtk.org/security/WSA-2024-0002.html"
}
],
"release_date": "2024-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-12T09:09:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkit: visiting a malicious website may lead to address bar spoofing"
},
{
"cve": "CVE-2023-42950",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271718"
}
],
"notes": [
{
"category": "description",
"text": "A heap use-after-free vulnerability was found in WebKit. Exploiting this flaw involves processing maliciously crafted web content, which may result in arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkit: heap use-after-free may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is Imporatant because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42950"
},
{
"category": "external",
"summary": "RHBZ#2271718",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271718"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42950",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42950"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0002.html",
"url": "https://webkitgtk.org/security/WSA-2024-0002.html"
}
],
"release_date": "2024-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-12T09:09:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkit: heap use-after-free may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42956",
"discovery_date": "2024-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271719"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKit. This issue may allow an attacker to trigger a denial of service condition by convincing a victim to visit a specially crafted website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkit: processing malicious web content may lead to a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42956"
},
{
"category": "external",
"summary": "RHBZ#2271719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271719"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42956",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42956"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0002.html",
"url": "https://webkitgtk.org/security/WSA-2024-0002.html"
}
],
"release_date": "2024-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-12T09:09:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkit: processing malicious web content may lead to a denial of service"
},
{
"cve": "CVE-2023-43010",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T19:58:01.296000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to memory corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause memory corruption and the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-43010"
},
{
"category": "external",
"summary": "RHBZ#2448778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-43010",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43010"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-43010",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43010"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-12T09:09:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9144"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to memory corruption"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in the Angle package where processing maliciously crafted web content may lead to a use-after-free. A remote attacker may leverage that to exploit heap corruption related bugs, such as crashing the application or remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-12T09:09:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.src",
"AppStream-9.5.0.GA:webkit2gtk3-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-debugsource-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-devel-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-debuginfo-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-0:2.44.3-2.el9.x86_64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.aarch64",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.i686",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.ppc64le",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.s390x",
"AppStream-9.5.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.44.3-2.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…