{
  "threat_severity" : "Important",
  "public_date" : "2023-06-29T00:00:00Z",
  "bugzilla" : {
    "description" : "webkitgtk: improper bounds checking leading to arbitrary code execution",
    "id" : "2218623",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2218623"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-94",
  "details" : [ "The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.", "A vulnerability was found in webkitgtk. This issue occurs when processing web content, which may lead to arbitrary code execution." ],
  "statement" : "WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality..\nWebKitGTK4 is used in Red Hat Enterprise Linux 7 by the following packages: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2025-07-07T00:00:00Z",
    "advisory" : "RHSA-2025:10364",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "webkitgtk4-0:2.48.3-2.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-05-16T00:00:00Z",
    "advisory" : "RHSA-2023:2834",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "webkit2gtk3-0:2.38.5-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2024-11-14T00:00:00Z",
    "advisory" : "RHSA-2024:9680",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.2",
    "package" : "webkit2gtk3-0:2.46.3-1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2024-11-14T00:00:00Z",
    "advisory" : "RHSA-2024:9679",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.4",
    "package" : "webkit2gtk3-0:2.46.3-1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "release_date" : "2024-11-14T00:00:00Z",
    "advisory" : "RHSA-2024:9679",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.4",
    "package" : "webkit2gtk3-0:2.46.3-1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
    "release_date" : "2024-11-14T00:00:00Z",
    "advisory" : "RHSA-2024:9679",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.4",
    "package" : "webkit2gtk3-0:2.46.3-1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2024-11-14T00:00:00Z",
    "advisory" : "RHSA-2024:9653",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.6",
    "package" : "webkit2gtk3-0:2.46.3-1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2024-11-14T00:00:00Z",
    "advisory" : "RHSA-2024:9653",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.6",
    "package" : "webkit2gtk3-0:2.46.3-1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2024-11-14T00:00:00Z",
    "advisory" : "RHSA-2024:9653",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.6",
    "package" : "webkit2gtk3-0:2.46.3-1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2256",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "webkit2gtk3-0:2.38.5-1.el9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "webkitgtk3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-48503\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48503\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog" ],
  "csaw" : true,
  "name" : "CVE-2022-48503",
  "mitigation" : {
    "value" : "To mitigate this vulnerability, consider removing certain GNOME packages. Note that uninstalling these packages will break functionality in GNOME, however the server can still be used via the terminal interface.",
    "lang" : "en:us"
  }
}