Lucene search

K
redhatcveRedhat.comRH:CVE-2022-32893
HistoryAug 26, 2022 - 6:10 a.m.

CVE-2022-32893

2022-08-2606:10:17
redhat.com
access.redhat.com
121
flaw
webkitgtk
input validation
out-of-bounds write
vulnerability
network access
specially crafted
web content
arbitrary code execution

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.006

Percentile

78.5%

A flaw was found in webkitgtk. The vulnerability occurs due to improper input validation, leading to an out-of-bounds write. This flaw allows an attacker with network access to pass specially crafted web content files, causing arbitrary code execution.

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.006

Percentile

78.5%