{ "threat_severity" : "Moderate", "public_date" : "2023-09-28T00:00:00Z", "bugzilla" : { "description" : "webkitgtk: processing web content may lead to arbitrary code execution", "id" : "2241405", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2241405" }, "cvss3" : { "cvss3_base_score" : "8.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status" : "draft" }, "cwe" : "CWE-416", "details" : [ "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.", "A use-after-free vulnerability was found in WebKitGTK. This issue could allow an attacker to cause memory corruption and execute Remote Code Execution. The victim needs to visit a malicious web page in order for a successful attack to be accomplished." ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "webkitgtk", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "webkitgtk3", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "webkitgtk4", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "webkit2gtk3", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "webkit2gtk3", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-39434\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-39434\nhttps://webkitgtk.org/security/WSA-2023-0009.html" ], "name" : "CVE-2023-39434", "csaw" : false }