Lucene search

K
redhatcveRedhat.comRH:CVE-2022-42856
HistoryDec 15, 2022 - 8:36 a.m.

CVE-2022-42856

2022-12-1508:36:08
redhat.com
access.redhat.com
19
vulnerability
webkitgtk
arbitrary code execution
type confusion
memory handling
malicious content
environment variable

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.008

Percentile

81.6%

A vulnerability was found in webkitgtk, where a type confusion issue was addressed with improved memory handling. By this security flaw processing maliciously crafted web content may lead to arbitrary code execution.

Mitigation

Setting the environment variable JSC_useFTLJIT=0 will disable the vulnerable code. (This will also somewhat slow down JavaScript execution.)

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.008

Percentile

81.6%