Arch Linux update for wpewebkit



Published: 2022-07-29 | Updated: 2022-08-19
Risk High
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2022-32792
CVE-2022-32816
CWE-ID CWE-787
CWE-451
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Arch Linux
Operating systems & Components / Operating system

Vendor Arch Linux

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU65621

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-32792

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the B3 JIT compiler in WebKit. A remote attacker can trick the victim into opening a specially crafted webpage, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected package wpewebkit to version 2.36.5-1.

Vulnerable software versions

Arch Linux: All versions


CPE2.3 External links

http://security.archlinux.org/advisory/ASA-202207-2

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Spoofing attack

EUVDB-ID: #VU65620

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-32816

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in WebKit. A remote attacker can spoof page content.

Mitigation

Update the affected package wpewebkit to version 2.36.5-1.

Vulnerable software versions

Arch Linux: All versions


CPE2.3 External links

http://security.archlinux.org/advisory/ASA-202207-2

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###