Vulnerability Details CVE-2023-2203
A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.7%
CVSS Severity
CVSS v3 Score 8.8
References
- https://access.redhat.com/errata/RHSA-2023:2653
- https://access.redhat.com/errata/RHSA-2023:3108
- https://access.redhat.com/security/cve/CVE-2023-2203
- https://bugzilla.redhat.com/show_bug.cgi?id=2188543
- https://access.redhat.com/errata/RHSA-2023:2653
- https://access.redhat.com/errata/RHSA-2023:3108
- https://access.redhat.com/security/cve/CVE-2023-2203
- https://bugzilla.redhat.com/show_bug.cgi?id=2188543
Products affected by CVE-2023-2203
-
cpe:2.3:a:webkitgtk:webkit2gtk3:2.38.5-1.el8
-
cpe:2.3:a:webkitgtk:webkit2gtk3:2.38.5-1.el9
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux:9.0
-
cpe:2.3:o:redhat:enterprise_linux_eus:8.8
-
cpe:2.3:o:redhat:enterprise_linux_eus:9.2
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.8
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8