ArchLinux ASA-202004-23
Apr 28, 2020 - 12:00 a.m.

[ASA-202004-23] webkit2gtk: arbitrary code execution

2020-04-28 00:00:00
security.archlinux.org

CVSS3: 8.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.011 Low
  Percentile: 84.1%

Arch Linux Security Advisory ASA-202004-23

Severity: Critical
Date    : 2020-04-28
CVE-ID  : CVE-2020-3899
Package : webkit2gtk
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1144

Summary

The package webkit2gtk before version 2.28.2-1 is vulnerable to
arbitrary code execution.

Resolution

Upgrade to 2.28.2-1.

pacman -Syu "webkit2gtk>=2.28.2-1"

The problem has been fixed upstream in version 2.28.2.

Workaround

None.

Description

A memory handling issue has been found in WebKitGTK before 2.28.2 and
WPE WebKit before 2.28.2.

Impact

A remote attacker might be able to execute arbitrary code via crafted
web content.

References

https://webkitgtk.org/security/WSA-2020-0005.html
https://webkitgtk.org/security/WSA-2020-0005.html#CVE-2020-3899
https://security.archlinux.org/CVE-2020-3899

OS         Version  Architecture  Package     Version     Filename
ArchLinux  any      any           webkit2gtk  < 2.28.2-1  UNKNOWN