8.8
CVE-2019-8720
- EPSS 8.24%
- Published 06.03.2023 23:15:10
- Last modified 27.03.2025 14:08:19
- Source secalert@redhat.com
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
Data is provided by the National Vulnerability Database (NVD)
Wpewebkit ≫ Wpe Webkit Version < 2.26.0
Redhat ≫ Codeready Linux Builder Version 8.0
Redhat ≫ Codeready Linux Builder Eus Version 8.4
Redhat ≫ Codeready Linux Builder Eus Version 8.6
Redhat ≫ Codeready Linux Builder For Arm64 Eus Version 8.0
Redhat ≫ Codeready Linux Builder For Arm64 Eus Version 8.4
Redhat ≫ Codeready Linux Builder For Arm64 Eus Version 8.6
Redhat ≫ Codeready Linux Builder For Ibm Z Systems Eus Version 8.0
Redhat ≫ Codeready Linux Builder For Ibm Z Systems Eus Version 8.4
Redhat ≫ Codeready Linux Builder For Ibm Z Systems Eus Version 8.6
Redhat ≫ Enterprise Linux Version 8.0 SwEdition -
Redhat ≫ Enterprise Linux Desktop Version 7.0
Redhat ≫ Enterprise Linux Eus Version 8.4
Redhat ≫ Enterprise Linux Eus Version 8.6
Redhat ≫ Enterprise Linux For Arm64 Version 8.0
Redhat ≫ Enterprise Linux For Arm64 Eus Version 8.4
Redhat ≫ Enterprise Linux For Arm64 Eus Version 8.6
Redhat ≫ Enterprise Linux For Ibm Z Systems Version 7.0
Redhat ≫ Enterprise Linux For Ibm Z Systems Version 8.0
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version 8.4
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version 8.6
Redhat ≫ Enterprise Linux For Power Big Endian Version 7.0
Redhat ≫ Enterprise Linux For Power Little Endian Version 7.0
Redhat ≫ Enterprise Linux For Power Little Endian Version 8.0
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version 8.4
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version 8.6
Redhat ≫ Enterprise Linux For Scientific Computing Version 7.0
Redhat ≫ Enterprise Linux Server Version 7.0
Redhat ≫ Enterprise Linux Server Aus Version 8.4
Redhat ≫ Enterprise Linux Server Aus Version 8.6
Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version 8.4
Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version 8.6
Redhat ≫ Enterprise Linux Server Tus Version 8.4
Redhat ≫ Enterprise Linux Server Tus Version 8.6
Redhat ≫ Enterprise Linux Workstation Version 7.0
23.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: WebKitGTK Memory Corruption Vulnerability
Description: WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution.
Required actions: Apply updates per vendor instructions.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 8.24% | 0.918 |

Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.