what you don't know can hurt you

WebKitGTK+ Data Leak / Code Execution

WebKitGTK+ Data Leak / Code Execution
Posted Jun 14, 2018
Authored by WebKitGTK+ Team

Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit that can lead to leaking of sensitive data, code execution, and more. Various 2.20.x versions are affected.

tags | advisory, vulnerability, code execution
advisories | CVE-2018-11646, CVE-2018-11712, CVE-2018-11713, CVE-2018-12293, CVE-2018-12294, CVE-2018-4190, CVE-2018-4192, CVE-2018-4199, CVE-2018-4201, CVE-2018-4214, CVE-2018-4218, CVE-2018-4222, CVE-2018-4232, CVE-2018-4233
MD5 | 53a674f30dc7d752aaae7c783ff1240c

WebKitGTK+ Data Leak / Code Execution

Change Mirror Download
------------------------------------------------------------------------
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005
------------------------------------------------------------------------

Date reported : June 13, 2018
Advisory ID : WSA-2018-0005
WebKitGTK+ Advisory URL :
https://webkitgtk.org/security/WSA-2018-0005.html
WPE WebKit Advisory URL :
https://wpewebkit.org/security/WSA-2018-0005.html
CVE identifiers : CVE-2018-4190, CVE-2018-4192, CVE-2018-4199,
CVE-2018-4201, CVE-2018-4214, CVE-2018-4218,
CVE-2018-4222, CVE-2018-4232, CVE-2018-4233,
CVE-2018-11646, CVE-2018-11712,
CVE-2018-11713, CVE-2018-12293,
CVE-2018-12294.

Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit.

CVE-2018-4190
Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
2.20.1.
Credit to Jun Kokatsu (@shhnjk).
Impact: Visiting a maliciously crafted website may leak sensitive
data. Description: Credentials were unexpectedly sent when fetching
CSS mask images. This was addressed by using a CORS-enabled fetch
method.

CVE-2018-4192
Versions affected: WebKitGTK+ before 2.20.1.
Credit to Markus Gaasedelen, Nick Burnett, and Patrick Biernat of
Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: A race condition was
addressed with improved locking.

CVE-2018-4199
Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
2.20.1.
Credit to Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of
MWR Labs working with Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: A buffer overflow issue was
addressed with improved memory handling.

CVE-2018-4201
Versions affected: WebKitGTK+ before 2.20.1.
Credit to an anonymous researcher.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.

CVE-2018-4214
Versions affected: WebKitGTK+ before 2.20.0.
Credit to OSS-Fuzz.
Impact: Processing maliciously crafted web content may lead to an
unexpected application crash. Description: A memory corruption issue
was addressed with improved input validation.

CVE-2018-4218
Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
2.20.1.
Credit to Natalie Silvanovich of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.

CVE-2018-4222
Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
2.20.1.
Credit to Natalie Silvanovich of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: An out-of-bounds read was
addressed with improved input validation.

CVE-2018-4232
Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
2.20.1.
Credit to Aymeric Chaib.
Impact: Visiting a maliciously crafted website may lead to cookies
being overwritten. Description: A permissions issue existed in the
handling of web browser cookies. This issue was addressed with
improved restrictions.

CVE-2018-4233
Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
2.20.1.
Credit to Samuel Gross (@5aelo) working with Trend Micro's Zero Day
Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.

CVE-2018-11646
Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
2.20.1.
Credit to Mishra Dhiraj.
Maliciously crafted web content could trigger an application crash
in WebKitFaviconDatabase, caused by mishandling unexpected input.

CVE-2018-11712
Versions affected: WebKitGTK+ 2.20.0 and 2.20.1.
Credit to Metrological Group B.V.
The libsoup network backend of WebKit failed to perform TLS
certificate verification for WebSocket connections.

CVE-2018-11713
Versions affected: WebKitGTK+ before 2.20.0 or without libsoup
2.62.0.
Credit to Dirkjan Ochtman.
The libsoup network backend of WebKit unexpectedly failed to use
system proxy settings for WebSocket connections. As a result, users
could be deanonymized by crafted web sites via a WebSocket
connection.

CVE-2018-12293
Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
2.20.1.
Credit to ADlab of Venustech.
Maliciously crafted web content could achieve a heap buffer overflow
in ImageBufferCairo by exploiting multiple integer overflow issues.

CVE-2018-12294
Versions affected: WebKitGTK+ before 2.20.2.
Credit to ADlab of Venustech.
Maliciously crafted web content could trigger a use-after-free of a
TextureMapperLayer object.


We recommend updating to the latest stable versions of WebKitGTK+ and
WPE WebKit. It is the best way to ensure that you are running a safe
version of WebKit. Please check our websites for information about the
latest stable releases.

Further information about WebKitGTK+ and WPE WebKit security advisories
can be found at https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.

The WebKitGTK+ and WPE WebKit team,
June 13, 2018
Login or Register to add favorites

File Archive:

November 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    19 Files
  • 2
    Nov 2nd
    25 Files
  • 3
    Nov 3rd
    8 Files
  • 4
    Nov 4th
    7 Files
  • 5
    Nov 5th
    24 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    106 Files
  • 11
    Nov 11th
    19 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    12 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    12 Files
  • 19
    Nov 19th
    4 Files
  • 20
    Nov 20th
    2 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    14 Files
  • 24
    Nov 24th
    19 Files
  • 25
    Nov 25th
    4 Files
  • 26
    Nov 26th
    1 Files
  • 27
    Nov 27th
    4 Files
  • 28
    Nov 28th
    1 Files
  • 29
    Nov 29th
    11 Files
  • 30
    Nov 30th
    7 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close