Main Vulnerability Database Vulnerabilities #VU33457

#VU33457 Input validation error in WebKitGTK+ - CVE-2017-2371

Published: February 20, 2017 / Updated: February 10, 2026

Vulnerability identifier: #VU33457

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2017-2371

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
WebKitGTK+

Software vendor:
WebKitGTK

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site.

Remediation

Install update from vendor's website.

External links

http://www.securityfocus.com/bid/95735
http://www.securitytracker.com/id/1037668
https://security.gentoo.org/glsa/201706-15
https://support.apple.com/HT207482
https://www.exploit-db.com/exploits/41451/

#VU33457 Input validation error in WebKitGTK+ - CVE-2017-2371

Description

Remediation

External links

Please verify you're human