Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.GENTOO_GLSA-202208-39.NASL
HistoryAug 31, 2022 - 12:00 a.m.

GLSA-202208-39 : WebKitGTK+: Multiple Vulnerabilities

2022-08-3100:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

The remote host is affected by the vulnerability described in GLSA-202208-39 (WebKitGTK+: Multiple Vulnerabilities)

  • A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. (CVE-2022-22589)

  • A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22590)

  • A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. (CVE-2022-22592)

  • A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8).
    Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited… (CVE-2022-22620)

  • A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)

  • Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)

  • In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
    (CVE-2022-30293)

  • REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-30293. Reason: This candidate is a duplicate of CVE-2022-30293. Notes: All CVE users should reference CVE-2022-30293 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-30294)

  • An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2022-32893)

  • A use after free issue was addressed with improved memory management. (CVE-2022-22624, CVE-2022-22628, CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)

  • A buffer overflow issue was addressed with improved memory handling. (CVE-2022-22629)

  • A logic issue in the handling of concurrent media was addressed with improved state handling.
    (CVE-2022-22677)

  • A memory corruption issue was addressed with improved state management. (CVE-2022-26700, CVE-2022-26716, CVE-2022-26719)

  • The issue was addressed with improved UI handling. (CVE-2022-32784)

  • An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# @NOAGENT@
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 202208-39.
#
# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('compat.inc');

if (description)
{
  script_id(164535);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/08/31");

  script_cve_id(
    "CVE-2022-2294",
    "CVE-2022-22589",
    "CVE-2022-22590",
    "CVE-2022-22592",
    "CVE-2022-22620",
    "CVE-2022-22624",
    "CVE-2022-22628",
    "CVE-2022-22629",
    "CVE-2022-22662",
    "CVE-2022-22677",
    "CVE-2022-26700",
    "CVE-2022-26709",
    "CVE-2022-26710",
    "CVE-2022-26716",
    "CVE-2022-26717",
    "CVE-2022-26719",
    "CVE-2022-30293",
    "CVE-2022-30294",
    "CVE-2022-32784",
    "CVE-2022-32792",
    "CVE-2022-32893"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/09/08");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/09/15");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/02/25");

  script_name(english:"GLSA-202208-39 : WebKitGTK+: Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"");
  script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-202208-39 (WebKitGTK+: Multiple Vulnerabilities)

  - A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and
    iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted
    mail message may lead to running arbitrary javascript. (CVE-2022-22589)

  - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and
    iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web
    content may lead to arbitrary code execution. (CVE-2022-22590)

  - A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS
    15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content
    may prevent Content Security Policy from being enforced. (CVE-2022-22592)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS
    Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8).
    Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a
    report that this issue may have been actively exploited.. (CVE-2022-22620)

  - A cookie management issue was addressed with improved state management. This issue is fixed in Security
    Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose
    sensitive user information. (CVE-2022-22662)

  - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to
    potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)

  - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in
    WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
    (CVE-2022-30293)

  - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-30293. Reason: This candidate is a
    duplicate of CVE-2022-30293. Notes: All CVE users should reference CVE-2022-30293 instead of this
    candidate. All references and descriptions in this candidate have been removed to prevent accidental
    usage. (CVE-2022-30294)

  - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS
    15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content
    may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively
    exploited. (CVE-2022-32893)

  - A use after free issue was addressed with improved memory management. (CVE-2022-22624, CVE-2022-22628,
    CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)

  - A buffer overflow issue was addressed with improved memory handling. (CVE-2022-22629)

  - A logic issue in the handling of concurrent media was addressed with improved state handling.
    (CVE-2022-22677)

  - A memory corruption issue was addressed with improved state management. (CVE-2022-26700, CVE-2022-26716,
    CVE-2022-26719)

  - The issue was addressed with improved UI handling. (CVE-2022-32784)

  - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/202208-39");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=832990");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=833568");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=837305");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=839984");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=845252");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=856445");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=861740");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=864427");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=866494");
  script_set_attribute(attribute:"solution", value:
"All WebKitGTK+ users should upgrade to the latest version:

          # emerge --sync
          # emerge --ask --oneshot --verbose >=net-libs/webkit-gtk-2.36.7");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-30294");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/08/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/08/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:webkit-gtk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gentoo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var flag = 0;

var packages = [
  {
    'name' : "net-libs/webkit-gtk",
    'unaffected' : make_list("ge 2.36.7", "lt 2.0.0"),
    'vulnerable' : make_list("lt 2.36.7")
  }
];

foreach package( packages ) {
  if (isnull(package['unaffected'])) package['unaffected'] = make_list();
  if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();
  if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;
}

# This plugin has a different number of unaffected and vulnerable versions for
# one or more packages. To ensure proper detection, a separate line should be 
# used for each fixed/vulnerable version pair.

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : qpkg_report_get()
  );
  exit(0);
}
else
{
  qpkg_tests = list_uniq(qpkg_tests);
  var tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "WebKitGTK+");
}
VendorProductVersionCPE
gentoolinuxwebkit-gtkp-cpe:/a:gentoo:linux:webkit-gtk
gentoolinuxcpe:/o:gentoo:linux

References

Related

gentoo 1
rocky 3
nessus 39
osv 18
debian 10
oraclelinux 2
almalinux 2
redhat 11
suse 6
ubuntu 6
apple 10
fedora 6
mageia 5
cve 10
alpinelinux 7
redhatcve 8
debiancve 12
attackerkb 2
malwarebytes 1
thn 1
ubuntucve 8
veracode 11
kaspersky 1
prion 11
cisa 2
checkpoint_advisories 1
trellix 2
cisa_kev 1
zdi 1
hivepro 1
gentoo
gentoo
WebKitGTK+: Multiple Vulnerabilities
2022-08-31 00:00:00
rocky
rocky
webkit2gtk3 security and bug fix update
2022-11-08 06:26:46
webkit2gtk3 security and bug fix update
2022-11-15 06:14:22
webkit2gtk3 security update
2022-09-20 13:02:02
nessus
nessus
Rocky Linux 8 : webkit2gtk3 (RLSA-2022:7704)
2022-11-17 00:00:00
AlmaLinux 9 : webkit2gtk3 (ALSA-2022:8054)
2022-11-19 00:00:00
Rocky Linux 9 : webkit2gtk3 (RLSA-2022:8054)
2023-11-07 00:00:00
osv
osv
Moderate: webkit2gtk3 security and bug fix update
2022-11-15 06:14:22
Moderate: webkit2gtk3 security and bug fix update
2022-11-08 06:26:46
Moderate: webkit2gtk3 security and bug fix update
2022-11-08 00:00:00
debian
debian
[SECURITY] [DSA 5155-1] wpewebkit security update
2022-05-31 23:39:09
[SECURITY] [DSA 5154-1] webkit2gtk security update
2022-05-31 23:38:05
[SECURITY] [DSA 5084-1] wpewebkit security update
2022-02-19 19:47:05
oraclelinux
oraclelinux
webkit2gtk3 security and bug fix update
2022-11-22 00:00:00
webkit2gtk3 security and bug fix update
2022-11-15 00:00:00
almalinux
almalinux
Moderate: webkit2gtk3 security and bug fix update
2022-11-08 00:00:00
Moderate: webkit2gtk3 security and bug fix update
2022-11-15 00:00:00
redhat
redhat
(RHSA-2022:7704) Moderate: webkit2gtk3 security and bug fix update
2022-11-08 06:26:46
(RHSA-2022:8054) Moderate: webkit2gtk3 security and bug fix update
2022-11-15 06:14:22
(RHSA-2023:0918) Moderate: Service Binding Operator security update
2023-02-27 00:54:13
suse
suse
Security update for webkit2gtk3 (important)
2022-06-14 00:00:00
Security update for webkit2gtk3 (important)
2022-06-14 00:00:00
Security update for webkit2gtk3 (important)
2022-07-22 00:00:00
ubuntu
ubuntu
WebKitGTK vulnerabilities
2022-06-01 00:00:00
WebKitGTK vulnerabilities
2022-02-28 00:00:00
WebKitGTK vulnerabilities
2022-04-28 00:00:00
apple
apple
About the security content of Safari 15.5
2022-05-16 00:00:00
About the security content of Safari 15.3
2022-01-26 00:00:00
About the security content of Safari 15.4
2022-03-15 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: webkit2gtk3-2.36.3-1.fc36
2022-06-05 01:13:31
[SECURITY] Fedora 35 Update: webkit2gtk3-2.36.3-1.fc35
2022-06-18 01:45:03
[SECURITY] Fedora 35 Update: webkit2gtk3-2.34.5-1.fc35
2022-02-12 01:20:43
mageia
mageia
Updated webkit2 packages fix security vulnerability
2022-02-12 20:31:35
Updated webkit2 packages fix security vulnerability
2022-07-12 11:32:28
Updated webkit2 packages fix security vulnerability
2022-04-13 19:06:19
cve
cve
CVE-2022-30294
2022-05-06 05:15:00
CVE-2022-32784
2023-02-27 20:15:00
CVE-2022-22590
2022-03-18 18:15:00
alpinelinux
alpinelinux
CVE-2022-30294
2022-05-06 05:15:00
CVE-2022-22677
2022-11-01 20:15:00
CVE-2022-22589
2022-03-18 18:15:00
redhatcve
redhatcve
CVE-2022-30294
2022-05-06 12:39:28
CVE-2022-22677
2022-07-07 17:59:47
CVE-2022-22589
2022-02-10 16:51:01
debiancve
debiancve
CVE-2022-30294
2022-05-06 05:15:00
CVE-2022-22590
2022-03-18 18:15:00
CVE-2022-26719
2022-11-01 20:15:00
attackerkb
attackerkb
CVE-2022-22620
2022-03-18 00:00:00
CVE-2022-32893
2022-08-24 00:00:00
malwarebytes
malwarebytes
Update now! Apple fixes actively exploited zero-day
2022-02-11 11:27:06
thn
thn
Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild
2022-06-20 10:10:00
ubuntucve
ubuntucve
CVE-2022-30293
2022-05-06 00:00:00
CVE-2022-32893
2022-08-24 00:00:00
CVE-2022-22589
2022-02-11 00:00:00
veracode
veracode
Use-after-Free
2022-05-19 12:54:41
Denial Of Service (DoS)
2022-02-21 06:21:21
Denial Of Service (DoS)
2022-02-21 06:21:18
kaspersky
kaspersky
KLA12486 Multiple vulnerabilities in Apple iTunes
2022-03-08 00:00:00
prion
prion
Design/Logic Flaw
2023-02-27 20:15:00
Memory corruption
2022-11-01 20:15:00
Input validation
2022-03-18 18:15:00
cisa
cisa
Apple Releases Security Updates for Multiple Products
2022-09-01 00:00:00
CISA Adds One Known Exploited Vulnerability to Catalog
2022-02-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple OS Use After Free (CVE-2022-22620)
2022-06-30 00:00:00
trellix
trellix
Triton Malware Spearheads Latest Attacks on Industrial Systems | McAfee Blogs
2018-11-08 00:00:00
Triton Malware Spearheads Latest Attacks on Industrial Systems | McAfee Blogs
2018-11-08 00:00:00
cisa_kev
cisa_kev
Apple Webkit Remote Code Execution Vulnerability
2022-02-11 00:00:00
zdi
zdi
Apple Safari WebGLMultiDraw Heap-based Buffer Overflow Remote Code Execution Vulnerability
2022-03-22 00:00:00
hivepro
hivepro
Zero-day vulnerability in WebKit affects Apple macOS
2022-02-11 13:02:14
JSON
Related for GENTOO_GLSA-202208-39.NASL
gentoo1rocky3nessus39osv18debian10oraclelinux2almalinux2redhat11suse6ubuntu6apple10fedora6mageia5cve10alpinelinux7redhatcve8debiancve12attackerkb2malwarebytes1thn1ubuntucve8veracode11kaspersky1prion11cisa2checkpoint_advisories1trellix2cisa_kev1zdi1hivepro1