PT-2022-19686 · Gnome+3 · Gnome Epiphany+3

Michael Catanzaro

Published

2022-04-20

Updated

2024-06-15

CVE-2022-29536

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GNOME Epiphany versions prior to 41.4 GNOME Epiphany versions 42.x prior to 42.2

Description The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered, allowing an HTML document to trigger a client buffer overflow via a long page title. This happens in the ephy string shorten function within the UI process.

Recommendations For GNOME Epiphany versions prior to 41.4, update to version 41.4 or later. For GNOME Epiphany versions 42.x prior to 42.2, update to version 42.2 or later. As a temporary workaround, consider restricting the use of long page titles until a patch is available.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2022-1741

CVE-2022-29536

DLA-3074-1

DSA-5208-1

MGASA-2022-0382

OESA-2022-1627

OPENSUSE-SU-2024:12025-1

USN-5561-1

Affected Products

Alt Linux

Gnome Epiphany

Linuxmint

Ubuntu

PT-2022-19686 · Gnome+3 · Gnome Epiphany+3

CVE-2022-29536

Weakness Enumeration

Related Identifiers

Affected Products

References · 36