A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
2023-05-17T22:15:10.943
2025-01-22T20:15:30.390
Modified
CVSSv3.1: 8.8 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | webkitgtk | webkit2gtk3 | 2.38.5-1.el8 | Yes |
| Application | webkitgtk | webkit2gtk3 | 2.38.5-1.el9 | Yes |
| Operating System | redhat | enterprise_linux | 8.0 | Yes |
| Operating System | redhat | enterprise_linux | 9.0 | Yes |
| Operating System | redhat | enterprise_linux_eus | 8.8 | Yes |
| Operating System | redhat | enterprise_linux_eus | 9.2 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 8.8 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 9.2 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 8.8 | Yes |