Lucene search

K
osvGoogleOSV:SUSE-SU-2024:2065-1
HistoryJun 18, 2024 - 11:15 a.m.

Security update for webkit2gtk3

2024-06-1811:15:22
Google
osv.dev
4
security
webkit2gtk3
update
vulnerability
bypass pointer authentication

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

This update for webkit2gtk3 fixes the following issues:

  • Update to version 2.44.2
  • CVE-2024-27834: Fixed a vulnerability where an attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. (bsc#1225071)

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low