CVE-2023-2203

Published: May 17, 2023Modified: Jan 22, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.

Affected (9)

Products: Webkitgtk: Webkit2gtk3 · Redhat: Enterprise Linux, Enterprise Linux Eus, Enterprise Linux Server Aus, Enterprise Linux Server Tus

1 product

4 products

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Webkitgtk Webkit2gtk3	Version 2.38.5-1.el8
Webkitgtk Webkit2gtk3	Version 2.38.5-1.el9

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux	Version 9.0
Redhat Enterprise Linux Eus	Version 8.8
Redhat Enterprise Linux Eus	Version 9.2
Redhat Enterprise Linux Server Aus	Version 8.8
Redhat Enterprise Linux Server Aus	Version 9.2
Redhat Enterprise Linux Server Tus	Version 8.8