Multiple vulnerabilities in WebKitGTK+ and WPE WebKit



Published: 2020-07-14 | Updated: 2020-08-02
Risk: High
Patch available: YES
Number of vulnerabilities: 8
CVE-ID: CVE-2020-13753, CVE-2020-9850, CVE-2020-9843, CVE-2020-9807, CVE-2020-9806, CVE-2020-9805, CVE-2020-9803, CVE-2020-9802
CWE-ID: CWE-20, CWE-79, CWE-119
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #2 is available.
Vulnerable software: WebKitGTK+ (Server applications / Frameworks for developing and running applications), WPE WebKit (Server applications / Frameworks for developing and running applications)
Vendor: WebKitGTK, WPE WebKit

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

Updated: 02.08.2020

Changed bulletin title, added vulnerabilities #2-7.

1) Input validation error

EUVDB-ID: #VU32874

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-13753

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.
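
A minimal seccomp-BPF denylist for the two primitives named above, as an added example (not WebKit's or bubblewrap's own filter). It assumes an x86-64 Linux build; `install_filter` and `probe_filter` are hypothetical names, and clone3, which passes its flags through a pointer that seccomp cannot inspect, is not covered.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stddef.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#define NATIVE_ARCH AUDIT_ARCH_X86_64 /* assumption: x86-64 build */
#define LOAD(f) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, f))
#define JEQ(k, t, f) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (k), (t), (f))
/* Denylist: ioctl(TIOCSTI) and clone()/unshare() with CLONE_NEWUSER get EPERM. */
static int install_filter(void) {
    struct sock_filter prog[] = {
        /*  0 */ LOAD(arch),
        /*  1 */ JEQ(NATIVE_ARCH, 0, 2),   /* foreign ABI: kill */
        /*  2 */ LOAD(nr),
        /*  3 */ BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 0x40000000u, 0, 1), /* x32 numbers: kill */
        /*  4 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        /*  5 */ JEQ(__NR_ioctl, 0, 2),
        /*  6 */ LOAD(args[1]),            /* cmd, low 32 bits only: the kernel ignores the rest */
        /*  7 */ JEQ(TIOCSTI, 4, 5),
        /*  8 */ JEQ(__NR_clone, 1, 0),
        /*  9 */ JEQ(__NR_unshare, 0, 3),
        /* 10 */ LOAD(args[0]),            /* flags, low 32 bits */
        /* 11 */ BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, CLONE_NEWUSER, 0, 1),
        /* 12 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        /* 13 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { (unsigned short)(sizeof prog / sizeof prog[0]), prog };
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) ? -1 : 0;
}
/* Forked self-check; fd -1 is used so no terminal is ever touched. Returns a bitmask, or -1. */
static int probe_filter(void) {
    int st = 0, n = 0, r = 0; char c = 0; pid_t pid = fork();
    if (pid == 0) {
        if (install_filter()) _exit(64);
        if (ioctl(-1, TIOCSTI, &c) < 0 && errno == EPERM) r |= 1;           /* denied */
        if (syscall(SYS_ioctl, -1, TIOCSTI | (1UL << 32), &c) < 0 && errno == EPERM) r |= 2; /* high bits set */
        if (unshare(CLONE_NEWUSER) < 0 && errno == EPERM) r |= 4;            /* denied */
        if (ioctl(-1, FIONREAD, &n) < 0 && errno == EBADF) r |= 8;          /* other ioctls pass */
        _exit(r);
    }
    return (pid < 0 || waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) ? -1 : WEXITSTATUS(st);
}
int main(void) { return probe_filter() == 15 ? 0 : 1; }
```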

Mitigation

Install update from vendor's website.

Vulnerable software versions

WebKitGTK+: 2.28.0 - 2.28.2

WPE WebKit: 2.28.0 - 2.28.2


External links

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GER2ATKZXDHM7FFYJH67ZPNZZX5VOUVM/
http://security.gentoo.org/glsa/202007-11
http://trac.webkit.org/changeset/262368/webkit
http://usn.ubuntu.com/4422-1/
http://www.debian.org/security/2020/dsa-4724
http://www.openwall.com/lists/oss-security/2020/07/10/1


2) Input validation error

EUVDB-ID: #VU32964

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9850

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input when processing web content. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 2.0.0 - 2.29.2

WPE WebKit: 2.19.93 - 2.28.2


External links

http://webkitgtk.org/security/WSA-2020-0006.html


3) Cross-site scripting

EUVDB-ID: #VU32963

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-9843

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 2.0.0 - 2.28.2

WPE WebKit: 2.19.93 - 2.28.2


External links

http://webkitgtk.org/security/WSA-2020-0006.html


4) Memory corruption

EUVDB-ID: #VU32962

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9807

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input when processing web content. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 2.0.0 - 2.29.2

WPE WebKit: 2.19.93 - 2.28.2


External links

http://webkitgtk.org/security/WSA-2020-0006.html


5) Memory corruption

EUVDB-ID: #VU32961

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9806

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input when processing web content. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 2.0.0 - 2.29.2

WPE WebKit: 2.19.93 - 2.28.2


External links

http://webkitgtk.org/security/WSA-2020-0006.html


6) Universal cross-site scripting

EUVDB-ID: #VU32960

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-9805

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 2.0.0 - 2.28.2

WPE WebKit: 2.19.93 - 2.28.2


External links

http://webkitgtk.org/security/WSA-2020-0006.html


7) Memory corruption

EUVDB-ID: #VU32959

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9803

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input when processing web content. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 2.0.0 - 2.29.2

WPE WebKit: 2.19.93 - 2.28.2


External links

http://webkitgtk.org/security/WSA-2020-0006.html


8) Input validation error

EUVDB-ID: #VU32958

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-9802

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input when processing web content. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 2.0.0 - 2.29.2

WPE WebKit: 2.19.93 - 2.28.2


External links

http://webkitgtk.org/security/WSA-2020-0006.html
