PT-2022-7520 · WebKitGTK

Chijin · Published 2022-07-13 · Updated 2024-09-18 · CVE-2023-25363

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: WebKitGTK versions prior to 2.36.8

Description: A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags allows attackers to execute code remotely. This issue is related to the rendering of web pages and can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations: For WebKitGTK versions prior to 2.36.8, update to version 2.36.8 or later to resolve the issue. As a temporary workaround, consider disabling the updateDescendantDependentFlags function in WebCore::RenderLayer until a patch is available.

Fix

Weakness Enumeration: Use After Free

Related Identifiers

ALSA-2023:2256
ALSA-2023:2834
ALT-PU-2022-2670
ALT-PU-2022-2671
ALT-PU-2022-2672
BDU:2024-06942
CESA-2023_2834
CVE-2023-25363
DLA-3124-1
DSA-5240-1
DSA-5241-1
RHSA-2023:2256
RHSA-2023:2834
RHSA-2023_2256
RHSA-2023_2834
SUSE-SU-2023:2056-1
SUSE-SU-2023:2065-1
SUSE-SU-2023:2077-1
SUSE-SU-2023:2078-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Red Hat
RED OS
SUSE
WebKitGTK