Data Handling in WebKitGTK WebKitGTK+

1) Data Handling

EUVDB-ID: #VU31117

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-11070

CWE-ID: CWE-19 - Data Handling

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.

Mitigation

Install update from vendor's website.

Vulnerable software versions

WebKitGTK+: 2.24.0

CPE2.3

• cpe:2.3:a:webkitgtk:webkitgtk_plus:2.24.0:*:*:*:*:*:*:*

External links

https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html
https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html
https://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html
https://www.openwall.com/lists/oss-security/2019/04/11/1
https://bugs.webkit.org/show_bug.cgi?id=193718
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/
https://seclists.org/bugtraq/2019/Apr/21
https://security.gentoo.org/glsa/201909-05
https://trac.webkit.org/changeset/243197/webkit
https://usn.ubuntu.com/3948-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.