Skip to main content

Webkitgtk CVE-2017-1000122

MEDIUM
Improper Input Validation (CWE-20)
2017-11-01 cve@mitre.org
5.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Nov 01, 2017 - 21:29 cve.org
MEDIUM 5.3

DescriptionCVE.org

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products.

AnalysisAI

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products. Affected products include: Webkitgtk Webkitgtk\+. Version information: prior to 2.16.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-4162 HIGH POC
8.8 Apr 03

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2017-2363 MEDIUM POC
6.5 Feb 20

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely expl

CVE-2017-2373 HIGH POC
8.8 Feb 20

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2017-2365 MEDIUM POC
6.5 Feb 20

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely expl

CVE-2019-8375 CRITICAL POC
9.8 Feb 24

The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products

CVE-2017-2369 HIGH POC
8.8 Feb 20

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2021-21806 HIGH POC
8.8 Jul 08

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. Rated high severity (CVSS 8.

CVE-2021-21779 HIGH POC
8.8 Jul 08

A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. Ra

CVE-2020-13584 HIGH POC
8.8 Dec 03

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. Rated high severity (CVSS 8.

CVE-2020-13543 HIGH POC
8.8 Dec 03

A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. Rated high severity (CV

CVE-2018-12293 HIGH POC
8.8 Jun 19

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKi

CVE-2017-2360 HIGH POC
7.8 Feb 20

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authenticati

Share

CVE-2017-1000122 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy