Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-23529 (GCVE-0-2023-23529)
Vulnerability from cvelistv5 – Published: 2023-02-27 00:00 – Updated: 2025-10-21 23:15
VLAI
EPSS
CISA KEV
Summary
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Severity
8.8 (High)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 16.3
(custom)
|
|
| Apple | Safari |
Affected:
unspecified , < 16.3
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 13.2
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 15.7
(custom)
|
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: f684ea47-02e8-44a3-b90b-d9fd48dc09d9
Exploited: Yes
Timestamps
First Seen: 2023-02-14
Asserted: 2023-02-14
Scope
Notes: KEV entry: Apple Multiple Products WebKit Type Confusion Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2023-03-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213635, https://support.apple.com/en-us/HT213633, https://support.apple.com/en-us/HT213638; https://nvd.nist.gov/vuln/detail/CVE-2023-23529
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-843 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Multiple Products |
| Due Date | 2023-03-07 |
| Date Added | 2023-02-14 |
| Vendorproject | Apple |
| Vulnerabilityname | Apple Multiple Products WebKit Type Confusion Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-02-02 13:25 UTC
| Updated: 2026-02-06 07:53 UTC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:32.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213635"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213638"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213633"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213673"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-23529",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T21:21:43.179297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-02-14",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23529"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:24.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23529"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-14T00:00:00.000Z",
"value": "CVE-2023-23529 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-27T03:45:37.183Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213635"
},
{
"url": "https://support.apple.com/en-us/HT213638"
},
{
"url": "https://support.apple.com/en-us/HT213633"
},
{
"url": "https://support.apple.com/en-us/HT213673"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-23529",
"datePublished": "2023-02-27T00:00:00.000Z",
"dateReserved": "2023-01-12T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:24.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2023-23529",
"cwes": "[\"CWE-843\"]",
"dateAdded": "2023-02-14",
"dueDate": "2023-03-07",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://support.apple.com/en-us/HT213635, https://support.apple.com/en-us/HT213633, https://support.apple.com/en-us/HT213638; https://nvd.nist.gov/vuln/detail/CVE-2023-23529",
"product": "Multiple Products",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.",
"vendorProject": "Apple",
"vulnerabilityName": "Apple Multiple Products WebKit Type Confusion Vulnerability"
},
"epss": {
"cve": "CVE-2023-23529",
"date": "2026-06-05",
"epss": "0.00093",
"percentile": "0.26072"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-23529\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2023-02-27T20:15:14.710\",\"lastModified\":\"2025-10-23T18:04:04.480\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2023-02-14\",\"cisaActionDue\":\"2023-03-07\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Apple Multiple Products WebKit Type Confusion Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.3\",\"matchCriteriaId\":\"99403ED1-F1EB-4E71-8937-DC09A226D520\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.7.4\",\"matchCriteriaId\":\"6342B4CB-4D7D-4FBD-8A5E-E3DABDC7770E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndExcluding\":\"16.3.1\",\"matchCriteriaId\":\"30E7C45D-05AC-4F31-BA68-88494D32193B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.7.4\",\"matchCriteriaId\":\"C75E4307-6CF3-4835-8E5F-96BF060658C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndExcluding\":\"16.3.1\",\"matchCriteriaId\":\"F9AD7A33-3B5A-4BBB-982F-95BA21035677\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.2.1\",\"matchCriteriaId\":\"029F0FBC-6765-4560-B98E-7CAB10555DDC\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT213633\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213635\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213638\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213673\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213633\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213635\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213638\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213673\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23529\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213635\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213638\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213633\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213673\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:35:32.885Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-23529\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-28T21:21:43.179297Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-02-14\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23529\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-02-14T00:00:00.000Z\", \"value\": \"CVE-2023-23529 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23529\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-843\", \"description\": \"CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-28T21:21:15.513Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"16.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"Safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"16.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"13.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"15.7\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213635\"}, {\"url\": \"https://support.apple.com/en-us/HT213638\"}, {\"url\": \"https://support.apple.com/en-us/HT213633\"}, {\"url\": \"https://support.apple.com/en-us/HT213673\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2023-07-27T03:45:37.183Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-23529\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:15:24.700Z\", \"dateReserved\": \"2023-01-12T00:00:00.000Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2023-02-27T00:00:00.000Z\", \"assignerShortName\": \"apple\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
alsa-2023:0902
Vulnerability from osv_almalinux
Published
2023-02-22 00:00
Modified
2023-02-23 10:40
Summary
Important: webkit2gtk3 security update
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution (CVE-2023-23529)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.36.7-1.el8_7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.36.7-1.el8_7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-jsc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.36.7-1.el8_7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-jsc-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.36.7-1.el8_7.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK\nplatform.\n\nSecurity Fix(es):\n\n* webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution (CVE-2023-23529)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:0902",
"modified": "2023-02-23T10:40:06Z",
"published": "2023-02-22T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:0902"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-23529"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2169934"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-0902.html"
}
],
"related": [
"CVE-2023-23529"
],
"summary": "Important: webkit2gtk3 security update"
}
alsa-2023:0903
Vulnerability from osv_almalinux
Published
2023-02-22 00:00
Modified
2023-02-23 10:43
Summary
Important: webkit2gtk3 security update
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution (CVE-2023-23529)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.36.7-1.el9_1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.36.7-1.el9_1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-jsc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.36.7-1.el9_1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-jsc-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.36.7-1.el9_1.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution (CVE-2023-23529)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:0903",
"modified": "2023-02-23T10:43:07Z",
"published": "2023-02-22T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:0903"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-23529"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2169934"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-0903.html"
}
],
"related": [
"CVE-2023-23529"
],
"summary": "Important: webkit2gtk3 security update"
}
Title
Уязвимость модуля отображения веб-страниц WebKitGTK браузера Safari, операционных систем iOS, iPadOS и macOS Ventura, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость модуля отображения веб-страниц WebKitGTK браузера Safari, операционных систем iOS, iPadOS и macOS Ventura связана с ошибками смешения типов данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код с помощью специально созданной веб-страницы
Severity
Vendor
Red Hat Inc., ООО «РусБИТех-Астра», Apple Inc., АО "НППКТ"
Software Name
Red Hat Enterprise Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Safari, iOS, iPadOS, MacOS, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 1.7 (Astra Linux Special Edition), 9 (Red Hat Enterprise Linux), до 16.3 (Safari), до 16.3.1 (iOS), до 16.3.1 (iPadOS), до Ventura 13.2.1 (MacOS), до 2.8 (ОСОН ОСнова Оnyx)
Possible Mitigations
Использование рекомендаций:
Для программных продуктов Apple Inc.:
https://support.apple.com/en-us/HT213633
https://support.apple.com/en-us/HT213635
https://support.apple.com/en-us/HT213638
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2023-23529
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения webkit2gtk до версии 2.38.6-0+deb10u1osnova0
Для ОС Astra Linux Special Edition 1.7:
обновить пакет webkit2gtk до 2.38.5-1~deb10u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0303SE17MD
Reference
https://support.apple.com/en-us/HT213633
https://support.apple.com/en-us/HT213635
https://support.apple.com/en-us/HT213638
https://access.redhat.com/security/cve/cve-2023-23529
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.8/
https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv
CWE
CWE-119, CWE-843
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Apple Inc., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 1.7 (Astra Linux Special Edition), 9 (Red Hat Enterprise Linux), \u0434\u043e 16.3 (Safari), \u0434\u043e 16.3.1 (iOS), \u0434\u043e 16.3.1 (iPadOS), \u0434\u043e Ventura 13.2.1 (MacOS), \u0434\u043e 2.8 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Apple Inc.:\nhttps://support.apple.com/en-us/HT213633 \nhttps://support.apple.com/en-us/HT213635 \nhttps://support.apple.com/en-us/HT213638\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2023-23529\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f webkit2gtk \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.38.6-0+deb10u1osnova0\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 webkit2gtk \u0434\u043e 2.38.5-1~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0303SE17MD",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.02.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.03.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-01439",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-23529",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Safari, iOS, iPadOS, MacOS, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Red Hat Inc. Red Hat Enterprise Linux 8 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 9 , Apple Inc. iOS \u0434\u043e 16.3.1 , Apple Inc. iPadOS \u0434\u043e 16.3.1 , Apple Inc. MacOS \u0434\u043e Ventura 13.2.1 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Safari, \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c iOS, iPadOS \u0438 macOS Ventura, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119), \u0414\u043e\u0441\u0442\u0443\u043f \u043a \u0440\u0435\u0441\u0443\u0440\u0441\u0443 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u044b\u0435 \u0442\u0438\u043f\u044b (CWE-843)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Safari, \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c iOS, iPadOS \u0438 macOS Ventura \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0441\u043c\u0435\u0448\u0435\u043d\u0438\u044f \u0442\u0438\u043f\u043e\u0432 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://support.apple.com/en-us/HT213633 \nhttps://support.apple.com/en-us/HT213635 \nhttps://support.apple.com/en-us/HT213638\nhttps://access.redhat.com/security/cve/cve-2023-23529\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.8/\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119, CWE-843",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
CERTFR-2023-AVI-0119
Vulnerability from certfr_avis - Published: 2023-02-14 - Updated: 2023-02-14
De multiples vulnérabilités ont été corrigées dans les produits Apple. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et une exécution de code arbitraire à distance.
L'éditeur indique que la vulnérabilité CVE-2023-23529 est activement exploitée.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple macOS versions ant\u00e9rieures \u00e0 13.2.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 16.3.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 16.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-23514",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23514"
},
{
"name": "CVE-2023-23522",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23522"
},
{
"name": "CVE-2023-23529",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23529"
}
],
"initial_release_date": "2023-02-14T00:00:00",
"last_revision_date": "2023-02-14T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 13 f\u00e9vrier 2023",
"url": "https://support.apple.com/en-us/HT213633"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 13 f\u00e9vrier 2023",
"url": "https://support.apple.com/en-us/HT213638"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 13 f\u00e9vrier 2023",
"url": "https://support.apple.com/en-us/HT213635"
}
],
"reference": "CERTFR-2023-AVI-0119",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un\ncontournement de la politique de s\u00e9curit\u00e9 et une ex\u00e9cution de code\narbitraire \u00e0 distance.\n\nL\u0027\u00e9diteur indique que la vuln\u00e9rabilit\u00e9 CVE-2023-23529 est activement\nexploit\u00e9e.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213638 du 13 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213635 du 13 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213633 du 13 f\u00e9vrier 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0152
Vulnerability from certfr_avis - Published: 2023-02-21 - Updated: 2023-02-21
De multiples vulnérabilités ont été corrigées dans macOS Ventura. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité, une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.2.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-23524",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23524"
},
{
"name": "CVE-2023-23514",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23514"
},
{
"name": "CVE-2023-23522",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23522"
},
{
"name": "CVE-2023-23529",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23529"
}
],
"initial_release_date": "2023-02-21T00:00:00",
"last_revision_date": "2023-02-21T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 13 f\u00e9vrier 2023",
"url": "https://support.apple.com/en-us/HT213633"
}
],
"reference": "CERTFR-2023-AVI-0152",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003emacOS Ventura\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9, une ex\u00e9cution de code arbitraire \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans macOS Ventura",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213633 du 13 f\u00e9vrier 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0265
Vulnerability from certfr_avis - Published: 2023-03-28 - Updated: 2023-03-28
De multiples vulnérabilités ont été découvertes dans les produits Apple. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données, une exécution de code arbitraire à distance, une élévation de privilèges, un contournement de la politique de sécurité, un problème de sécurité non spécifié par l'éditeur et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | Apple iOS et iPadOS versions 16.x antérieures à 16.4 | ||
| Apple | N/A | Apple watchOS versions antérieures à 9.4 | ||
| Apple | N/A | Apple Studio Display Firmware versions antérieures à 16.4 | ||
| Apple | macOS | Apple macOS Ventura versions antérieures à 13.3 | ||
| Apple | macOS | Apple macOS Big Sur versions antérieures à 11.7.5 | ||
| Apple | N/A | Apple iOS et iPadOS versions 15.x.x antérieures à 15.7.4 | ||
| Apple | Safari | Apple Safari versions antérieures à 16.4 | ||
| Apple | N/A | Apple tvOS versions antérieures à 16.4 | ||
| Apple | macOS | Apple macOS Monterey antérieures à 12.6.4 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple iOS et iPadOS versions 16.x ant\u00e9rieures \u00e0 16.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple watchOS versions ant\u00e9rieures \u00e0 9.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Studio Display Firmware versions ant\u00e9rieures \u00e0 16.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple macOS Ventura versions ant\u00e9rieures \u00e0 13.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple macOS Big Sur versions ant\u00e9rieures \u00e0 11.7.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iOS et iPadOS versions 15.x.x ant\u00e9rieures \u00e0 15.7.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 16.4",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple tvOS versions ant\u00e9rieures \u00e0 16.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple macOS Monterey ant\u00e9rieures \u00e0 12.6.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-27952",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27952"
},
{
"name": "CVE-2023-27937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27937"
},
{
"name": "CVE-2023-27941",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27941"
},
{
"name": "CVE-2023-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28182"
},
{
"name": "CVE-2023-23538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23538"
},
{
"name": "CVE-2022-26702",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26702"
},
{
"name": "CVE-2023-23514",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23514"
},
{
"name": "CVE-2023-27942",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27942"
},
{
"name": "CVE-2023-23541",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23541"
},
{
"name": "CVE-2023-27931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27931"
},
{
"name": "CVE-2023-27933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27933"
},
{
"name": "CVE-2023-27963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27963"
},
{
"name": "CVE-2023-0051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0051"
},
{
"name": "CVE-2023-23533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23533"
},
{
"name": "CVE-2023-23542",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23542"
},
{
"name": "CVE-2023-27970",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27970"
},
{
"name": "CVE-2023-27944",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27944"
},
{
"name": "CVE-2023-23534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23534"
},
{
"name": "CVE-2023-23525",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23525"
},
{
"name": "CVE-2023-27965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27965"
},
{
"name": "CVE-2023-23528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23528"
},
{
"name": "CVE-2023-27936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27936"
},
{
"name": "CVE-2023-23532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23532"
},
{
"name": "CVE-2023-28190",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28190"
},
{
"name": "CVE-2023-27961",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27961"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2023-23535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23535"
},
{
"name": "CVE-2023-23537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23537"
},
{
"name": "CVE-2023-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28180"
},
{
"name": "CVE-2023-27957",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27957"
},
{
"name": "CVE-2023-27935",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27935"
},
{
"name": "CVE-2023-23526",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23526"
},
{
"name": "CVE-2023-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0512"
},
{
"name": "CVE-2023-27953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27953"
},
{
"name": "CVE-2023-23494",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23494"
},
{
"name": "CVE-2023-0054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0054"
},
{
"name": "CVE-2023-27958",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27958"
},
{
"name": "CVE-2023-28192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28192"
},
{
"name": "CVE-2023-27969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27969"
},
{
"name": "CVE-2023-28178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28178"
},
{
"name": "CVE-2023-0433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0433"
},
{
"name": "CVE-2023-23543",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23543"
},
{
"name": "CVE-2023-28200",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28200"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2023-27932",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27932"
},
{
"name": "CVE-2023-27951",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27951"
},
{
"name": "CVE-2023-27955",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27955"
},
{
"name": "CVE-2023-27934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27934"
},
{
"name": "CVE-2023-23529",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23529"
},
{
"name": "CVE-2023-27943",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27943"
},
{
"name": "CVE-2023-27959",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27959"
},
{
"name": "CVE-2023-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0288"
},
{
"name": "CVE-2023-27949",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27949"
},
{
"name": "CVE-2023-27968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27968"
},
{
"name": "CVE-2023-27946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27946"
},
{
"name": "CVE-2023-27962",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27962"
},
{
"name": "CVE-2023-27956",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27956"
},
{
"name": "CVE-2023-28194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28194"
},
{
"name": "CVE-2023-23527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23527"
},
{
"name": "CVE-2023-27928",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27928"
},
{
"name": "CVE-2023-27929",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27929"
},
{
"name": "CVE-2023-27954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27954"
},
{
"name": "CVE-2023-23540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23540"
},
{
"name": "CVE-2023-0049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0049"
},
{
"name": "CVE-2023-23523",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23523"
},
{
"name": "CVE-2023-28181",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28181"
}
],
"initial_release_date": "2023-03-28T00:00:00",
"last_revision_date": "2023-03-28T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0265",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eApple\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0\ndistance, une \u00e9l\u00e9vation de privil\u00e8ges, un contournement de la politique\nde s\u00e9curit\u00e9, un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213674 du 27 mars 2023",
"url": "https://support.apple.com/en-us/HT213674"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213673 du 27 mars 2023",
"url": "https://support.apple.com/en-us/HT213673"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213678 du 27 mars 2023",
"url": "https://support.apple.com/en-us/HT213678"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213675 du 27 mars 2023",
"url": "https://support.apple.com/en-us/HT213675"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213677 du 27 mars 2023",
"url": "https://support.apple.com/en-us/HT213677"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213671 du 27 mars 2023",
"url": "https://support.apple.com/en-us/HT213671"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213672 du 27 mars 2023",
"url": "https://support.apple.com/en-us/HT213672"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213676 du 27 mars 2023",
"url": "https://support.apple.com/en-us/HT213676"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213670 du 27 mars 2023",
"url": "https://support.apple.com/en-us/HT213670"
}
]
}
FKIE_CVE-2023-23529
Vulnerability from fkie_nvd - Published: 2023-02-27 20:15 - Updated: 2025-10-23 18:04
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/HT213633 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT213635 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT213638 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT213673 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT213633 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT213635 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT213638 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT213673 | Release Notes, Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23529 | US Government Resource |
{
"cisaActionDue": "2023-03-07",
"cisaExploitAdd": "2023-02-14",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Apple Multiple Products WebKit Type Confusion Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99403ED1-F1EB-4E71-8937-DC09A226D520",
"versionEndExcluding": "16.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6342B4CB-4D7D-4FBD-8A5E-E3DABDC7770E",
"versionEndExcluding": "15.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30E7C45D-05AC-4F31-BA68-88494D32193B",
"versionEndExcluding": "16.3.1",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C75E4307-6CF3-4835-8E5F-96BF060658C8",
"versionEndExcluding": "15.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AD7A33-3B5A-4BBB-982F-95BA21035677",
"versionEndExcluding": "16.3.1",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "029F0FBC-6765-4560-B98E-7CAB10555DDC",
"versionEndExcluding": "13.2.1",
"versionStartIncluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
],
"id": "CVE-2023-23529",
"lastModified": "2025-10-23T18:04:04.480",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-02-27T20:15:14.710",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213633"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213635"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213638"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213673"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23529"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-C5HW-5P2J-XQG7
Vulnerability from github – Published: 2023-02-27 21:30 – Updated: 2025-10-22 00:32
VLAI
Details
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
Severity
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2023-23529"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-27T20:15:00Z",
"severity": "HIGH"
},
"details": "A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..",
"id": "GHSA-c5hw-5p2j-xqg7",
"modified": "2025-10-22T00:32:43Z",
"published": "2023-02-27T21:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23529"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-32"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213633"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213635"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213638"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213673"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23529"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Mar/20"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/May/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2023-23529
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-23529",
"id": "GSD-2023-23529",
"references": [
"https://www.debian.org/security/2023/dsa-5351",
"https://www.debian.org/security/2023/dsa-5352",
"https://advisories.mageia.org/CVE-2023-23529.html",
"https://access.redhat.com/errata/RHSA-2023:0902",
"https://access.redhat.com/errata/RHSA-2023:0903",
"https://www.suse.com/security/cve/CVE-2023-23529.html",
"https://ubuntu.com/security/CVE-2023-23529"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-23529"
],
"details": "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",
"id": "GSD-2023-23529",
"modified": "2023-12-13T01:20:49.771140Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2023-23529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "16.3"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "16.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "13.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT213635",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213635"
},
{
"name": "https://support.apple.com/en-us/HT213638",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213638"
},
{
"name": "https://support.apple.com/en-us/HT213633",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213633"
},
{
"name": "https://support.apple.com/en-us/HT213673",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213673"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.3.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.3.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.2.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2023-23529"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT213638",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213638"
},
{
"name": "https://support.apple.com/en-us/HT213635",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213635"
},
{
"name": "https://support.apple.com/en-us/HT213633",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213633"
},
{
"name": "https://support.apple.com/en-us/HT213673",
"refsource": "MISC",
"tags": [],
"url": "https://support.apple.com/en-us/HT213673"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-07-27T04:15Z",
"publishedDate": "2023-02-27T20:15Z"
}
}
}
RHSA-2023:0902
Vulnerability from csaf_redhat - Published: 2023-02-22 13:01 - Updated: 2025-11-21 18:37Summary
Red Hat Security Advisory: webkit2gtk3 security update
Severity
Important
Notes
Topic: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK
platform.
Security Fix(es):
* webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution (CVE-2023-23529)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may, in theory, allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK\nplatform.\n\nSecurity Fix(es):\n\n* webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution (CVE-2023-23529)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0902",
"url": "https://access.redhat.com/errata/RHSA-2023:0902"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2169934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169934"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0902.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2025-11-21T18:37:59+00:00",
"generator": {
"date": "2025-11-21T18:37:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2023:0902",
"initial_release_date": "2023-02-22T13:01:43+00:00",
"revision_history": [
{
"date": "2023-02-22T13:01:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-02-22T13:01:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:37:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.36.7-1.el8_7.2.src",
"product": {
"name": "webkit2gtk3-0:2.36.7-1.el8_7.2.src",
"product_id": "webkit2gtk3-0:2.36.7-1.el8_7.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el8_7.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.36.7-1.el8_7.2.aarch64",
"product": {
"name": "webkit2gtk3-0:2.36.7-1.el8_7.2.aarch64",
"product_id": "webkit2gtk3-0:2.36.7-1.el8_7.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el8_7.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.aarch64",
"product_id": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el8_7.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el8_7.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el8_7.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el8_7.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el8_7.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el8_7.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el8_7.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el8_7.2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.36.7-1.el8_7.2.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.36.7-1.el8_7.2.ppc64le",
"product_id": "webkit2gtk3-0:2.36.7-1.el8_7.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el8_7.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el8_7.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el8_7.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el8_7.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el8_7.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el8_7.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el8_7.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el8_7.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el8_7.2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.36.7-1.el8_7.2.i686",
"product": {
"name": "webkit2gtk3-0:2.36.7-1.el8_7.2.i686",
"product_id": "webkit2gtk3-0:2.36.7-1.el8_7.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el8_7.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.i686",
"product_id": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el8_7.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.i686",
"product_id": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el8_7.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el8_7.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.i686",
"product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el8_7.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el8_7.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el8_7.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el8_7.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el8_7.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.36.7-1.el8_7.2.x86_64",
"product": {
"name": "webkit2gtk3-0:2.36.7-1.el8_7.2.x86_64",
"product_id": "webkit2gtk3-0:2.36.7-1.el8_7.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el8_7.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.x86_64",
"product_id": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el8_7.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el8_7.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el8_7.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el8_7.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el8_7.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el8_7.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el8_7.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el8_7.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.36.7-1.el8_7.2.s390x",
"product": {
"name": "webkit2gtk3-0:2.36.7-1.el8_7.2.s390x",
"product_id": "webkit2gtk3-0:2.36.7-1.el8_7.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el8_7.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.s390x",
"product_id": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el8_7.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.s390x",
"product_id": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el8_7.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el8_7.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el8_7.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el8_7.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el8_7.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el8_7.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el8_7.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.36.7-1.el8_7.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.aarch64"
},
"product_reference": "webkit2gtk3-0:2.36.7-1.el8_7.2.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.36.7-1.el8_7.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.i686"
},
"product_reference": "webkit2gtk3-0:2.36.7-1.el8_7.2.i686",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.36.7-1.el8_7.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.36.7-1.el8_7.2.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.36.7-1.el8_7.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.s390x"
},
"product_reference": "webkit2gtk3-0:2.36.7-1.el8_7.2.s390x",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.36.7-1.el8_7.2.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.src"
},
"product_reference": "webkit2gtk3-0:2.36.7-1.el8_7.2.src",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.36.7-1.el8_7.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.x86_64"
},
"product_reference": "webkit2gtk3-0:2.36.7-1.el8_7.2.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.i686",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.i686",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.s390x",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.i686",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.s390x",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.36.7-1.el8_7.2.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.i686",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.i686",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.s390x",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.i686",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.i686",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.s390x",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.i686",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-23529",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2023-02-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2169934"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may, in theory, allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is not aware of any exploitation of this flaw in Linux platforms at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.src",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-23529"
},
{
"category": "external",
"summary": "RHBZ#2169934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-23529",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23529"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23529",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23529"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0002.html",
"url": "https://webkitgtk.org/security/WSA-2023-0002.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-02-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-22T13:01:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.src",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0902"
},
{
"category": "workaround",
"details": "Setting the environment variable JSC_useDFGJIT=0 will mitigate this issue.",
"product_ids": [
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.src",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.src",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-debugsource-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-0:2.36.7-1.el8_7.2.x86_64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.aarch64",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.i686",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.ppc64le",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.s390x",
"AppStream-8.7.0.Z.MAIN:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8_7.2.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-02-14T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…