CVE-2019-8375
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).
Affected products
n/a · n/a
Public PoCs found — 2
cve_reference: www.exploit-db.com/exploits/46465/ (unverified)
exploitdb: www.exploit-db.com/exploits/46465 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00058.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00005.html
https://bugs.webkit.org/show_bug.cgi?id=184875
https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531
https://trac.webkit.org/changeset/241515/webkit
https://usn.ubuntu.com/3948-1/
https://www.exploit-db.com/exploits/46465/
https://www.inputzero.io/2019/02/fuzzing-webkit.html