redhatcve | Redhat.com | RH:CVE-2024-40789
Jul 31, 2024 - 4:06 p.m.

CVE-2024-40789

2024-07-31 16:06:57
redhat.com
access.redhat.com
ios 16.7.9
ipados 16.7.9
safari 17.6
watchos 10.6
tvos 17.6
visionos 1.3
macos sonoma 14.6
unexpected process crash
malicious web content

CVSS3: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score: 7.5
Confidence: High

EPSS: 0.001
Percentile: 49.8%

A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.

Mitigation

Do not process or load untrusted web content with WebKitGTK.
