{
  "threat_severity" : "Moderate",
  "public_date" : "2019-10-29T00:00:00Z",
  "bugzilla" : {
    "description" : "webkitgtk: Multiple memory corruption issues leading to arbitrary code execution",
    "id" : "1876611",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1876611"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-119",
  "details" : [ "A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.", "A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues." ],
  "statement" : "This flaw is rated as 'Moderate' because the WebKitGTK package is shipped as a dependency of the GNOME package. Red Hat Enterprise Linux does not ship any WebKitGTK-based web browser, where this flaw would present a higher-severity threat.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-09-29T00:00:00Z",
    "advisory" : "RHSA-2020:4035",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "webkitgtk4-0:2.28.2-2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4451",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "webkit2gtk3-0:2.28.4-1.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "webkitgtk3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-8720\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8720\nhttps://webkitgtk.org/security/WSA-2019-0005.html\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog" ],
  "name" : "CVE-2019-8720",
  "mitigation" : {
    "value" : "Red Hat has investigated whether a possible mitigation exists for this issue and has not been able to identify a practical one. Please update the affected package as soon as possible.",
    "lang" : "en:us"
  },
  "csaw" : false
}