Bug 2253054 (CVE-2023-42916)

Summary: CVE-2023-42916 webkitgtk: Out-of-bounds read leads to sensitive data leak
Product: [Other] Security Response Reporter: Marco Benatto <mbenatto>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: gsuckevi
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in WebKitGTK. Processing malicious web content may cause an out-of-bounds read due to an improper input validation, resulting in sensitive content leaking.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-12-05 19:51:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2253055    
Bug Blocks: 2253040    

Description Marco Benatto 2023-12-05 19:33:48 UTC 
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

References:
https://webkitgtk.org/security/WSA-2023-0011.html
http://www.openwall.com/lists/oss-security/2023/12/05/1
https://support.apple.com/en-us/HT214031
https://support.apple.com/en-us/HT214032
https://support.apple.com/en-us/HT214033
Comment 1 Marco Benatto 2023-12-05 19:37:29 UTC 
Created webkitgtk tracking bugs for this issue:

Affects: fedora-all [bug 2253055]
Comment 2 errata-xmlrpc 2025-07-07 02:27:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:10364 https://access.redhat.com/errata/RHSA-2025:10364