ID:6408 - Exploit for Improper input validation in GNOME Web (Epiphany) - CVE-2018-11396

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:6408 - Exploit for Improper input validation in GNOME Web (Epiphany) - CVE-2018-11396

ID:6408 - Exploit for Improper input validation in GNOME Web (Epiphany) - CVE-2018-11396

Published: June 17, 2021


Vulnerability identifier: #VU13557
Vulnerability risk: Low
CVE-ID: CVE-2018-11396
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
GNOME Web (Epiphany)

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) due to insufficient validation of user-supplied input. A remote attacker can supply JavaScript code, trigger access to a NULL URL, as demonstrated by a crafted window.open call and cause the service to crash.


Remediation

Install update from vendor's website.