WebKitGTK+ Data Leak / Code Execution

Posted Jun 14, 2018
Authored by WebKitGTK+ Team

Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit that can lead to leaking of sensitive data, code execution, and more. Various 2.20.x versions are affected.

tags | advisory, vulnerability, code execution
advisories | CVE-2018-11646, CVE-2018-11712, CVE-2018-11713, CVE-2018-12293, CVE-2018-12294, CVE-2018-4190, CVE-2018-4192, CVE-2018-4199, CVE-2018-4201, CVE-2018-4214, CVE-2018-4218, CVE-2018-4222, CVE-2018-4232, CVE-2018-4233
MD5 | 53a674f30dc7d752aaae7c783ff1240c

------------------------------------------------------------------------
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005
------------------------------------------------------------------------

Date reported           : June 13, 2018
Advisory ID             : WSA-2018-0005
WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0005.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0005.html
CVE identifiers         : CVE-2018-4190, CVE-2018-4192, CVE-2018-4199,
                          CVE-2018-4201, CVE-2018-4214, CVE-2018-4218,
                          CVE-2018-4222, CVE-2018-4232, CVE-2018-4233,
                          CVE-2018-11646, CVE-2018-11712,
                          CVE-2018-11713, CVE-2018-12293,
                          CVE-2018-12294.

Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit.

CVE-2018-4190
Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
2.20.1.
Credit to Jun Kokatsu (@shhnjk).
Impact: Visiting a maliciously crafted website may leak sensitive
data.
Description: Credentials were unexpectedly sent when fetching CSS
mask images. This was addressed by using a CORS-enabled fetch method.

CVE-2018-4192
Versions affected: WebKitGTK+ before 2.20.1.
Credit to Markus Gaasedelen, Nick Burnett, and Patrick Biernat of
Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: A race condition was addressed with improved locking.

CVE-2018-4199
Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
2.20.1.
Credit to Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of
MWR Labs working with Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: A buffer overflow issue was addressed with improved
memory handling.

CVE-2018-4201
Versions affected: WebKitGTK+ before 2.20.1.
Credit to an anonymous researcher.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.

CVE-2018-4214
Versions affected: WebKitGTK+ before 2.20.0.
Credit to OSS-Fuzz.
Impact: Processing maliciously crafted web content may lead to an
unexpected application crash.
Description: A memory corruption issue was addressed with improved
input validation.

CVE-2018-4218
Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
2.20.1.
Credit to Natalie Silvanovich of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.

CVE-2018-4222
Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
2.20.1.
Credit to Natalie Silvanovich of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: An out-of-bounds read was addressed with improved input
validation.

CVE-2018-4232
Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
2.20.1.
Credit to Aymeric Chaib.
Impact: Visiting a maliciously crafted website may lead to cookies
being overwritten.
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed with improved restrictions.

CVE-2018-4233
Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
2.20.1.
Credit to Samuel Gross (@5aelo) working with Trend Micro's Zero Day
Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.

CVE-2018-11646
Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
2.20.1.
Credit to Mishra Dhiraj.
Maliciously crafted web content could trigger an application crash
in WebKitFaviconDatabase, caused by mishandling unexpected input.

CVE-2018-11712
Versions affected: WebKitGTK+ 2.20.0 and 2.20.1.
Credit to Metrological Group B.V.
The libsoup network backend of WebKit failed to perform TLS
certificate verification for WebSocket connections.

CVE-2018-11713
Versions affected: WebKitGTK+ before 2.20.0 or without libsoup
2.62.0.
Credit to Dirkjan Ochtman.
The libsoup network backend of WebKit unexpectedly failed to use
system proxy settings for WebSocket connections. As a result, users
could be deanonymized by crafted web sites via a WebSocket
connection.

CVE-2018-12293
Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
2.20.1.
Credit to ADlab of Venustech.
Maliciously crafted web content could achieve a heap buffer overflow
in ImageBufferCairo by exploiting multiple integer overflow issues.

CVE-2018-12294
Versions affected: WebKitGTK+ before 2.20.2.
Credit to ADlab of Venustech.
Maliciously crafted web content could trigger a use-after-free of a
TextureMapperLayer object.


We recommend updating to the latest stable versions of WebKitGTK+ and
WPE WebKit. It is the best way to ensure that you are running a safe
version of WebKit. Please check our websites for information about the
latest stable releases.

Further information about WebKitGTK+ and WPE WebKit security advisories
can be found at https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.

The WebKitGTK+ and WPE WebKit team,
June 13, 2018
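
Added example (not part of the advisory and not WebKit project code): a small parser for the "Versions affected" clauses used above, which reports the listed CVEs that apply to an installed version. The function names are hypothetical, the sample text is a constructed four-entry excerpt of this advisory, and reading "without libsoup 2.62.0" as "libsoup older than 2.62.0" is an assumption.

```python
import re

# Constructed sample: four entries copied from this advisory, chosen to
# cover each "Versions affected" clause shape, with original line wraps.
ADVISORY = """\
CVE-2018-4190
Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
2.20.1.
CVE-2018-4192
Versions affected: WebKitGTK+ before 2.20.1.
CVE-2018-11712
Versions affected: WebKitGTK+ 2.20.0 and 2.20.1.
CVE-2018-11713
Versions affected: WebKitGTK+ before 2.20.0 or without libsoup
2.62.0.
"""
NUM = r"\d+(?:\.\d+)+"  # dotted version number such as 2.20.3

def ver(s):
    parts = [int(p) for p in s.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # "2.20" == "2.20.0"

def parse(text):
    """Map each CVE id to its 'Versions affected' clause, unwrapped."""
    pat = r"(CVE-\d{4}-\d+)\s+Versions affected:\s*(.*?)\.(?=\s)"
    return {cve: " ".join(c.split()) for cve, c in re.findall(pat, text, re.S)}

def affected(clause, product, installed, libsoup=None):
    v, name = ver(installed), re.escape(product)
    m = re.search(rf"{name} before ({NUM})", clause)
    if m:  # "<product> before X": every release older than X
        if v < ver(m.group(1)):
            return True
        # Assumption: "without libsoup X" means a libsoup older than X.
        # An unknown libsoup version fails closed (reported as affected).
        dep = re.search(rf"or without libsoup ({NUM})", clause)
        return bool(dep) and (libsoup is None or ver(libsoup) < ver(dep.group(1)))
    m = re.search(rf"{name} ({NUM}(?: and {NUM})*)", clause)
    if m:  # "<product> X and Y": an explicit list of releases
        return v in [ver(x) for x in re.findall(NUM, m.group(1))]
    return False  # the entry does not name this product

def applicable(text, product, installed, libsoup=None):
    """CVE ids, in advisory order, that apply to the installed version."""
    return [cve for cve, clause in parse(text).items()
            if affected(clause, product, installed, libsoup)]

if __name__ == "__main__":
    print(applicable(ADVISORY, "WebKitGTK+", "2.20.1", libsoup="2.62.0"))
```

The installed version can be obtained from the distribution's package manager or from pkg-config for the WebKitGTK+ module in use.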
