2253054 – (CVE-2023-42916) CVE-2023-42916 webkitgtk: Out-of-bounds read leads to sensitive data leak

Bug 2253054 (CVE-2023-42916) - CVE-2023-42916 webkitgtk: Out-of-bounds read leads to sensitive data leak

Summary: CVE-2023-42916 webkitgtk: Out-of-bounds read leads to sensitive data leak

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2023-42916
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2253055
Blocks:	2253040
TreeView+	depends on / blocked

Reported:	2023-12-05 19:33 UTC by Marco Benatto
Modified:	2024-03-20 10:34 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in WebKitGTK. Processing malicious web content may cause an out-of-bounds read due to an improper input validation, resulting in sensitive content leaking.
Clone Of:
Environment:
Last Closed:	2023-12-05 19:51:42 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marco Benatto 2023-12-05 19:33:48 UTC

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

References:
https://webkitgtk.org/security/WSA-2023-0011.html
http://www.openwall.com/lists/oss-security/2023/12/05/1
https://support.apple.com/en-us/HT214031
https://support.apple.com/en-us/HT214032
https://support.apple.com/en-us/HT214033

Comment 1 Marco Benatto 2023-12-05 19:37:29 UTC

Created webkitgtk tracking bugs for this issue:

Affects: fedora-all [bug 2253055]

Note You need to log in before you can comment on or make changes to this bug.