fkie_nvd - fkie_cve-2019-8720

fkie_cve-2019-8720

Vulnerability from fkie_nvd

Published

2023-03-06 23:15

Modified

2025-03-27 14:08

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1876611	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://webkitgtk.org/security/WSA-2019-0005.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1876611	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://webkitgtk.org/security/WSA-2019-0005.html	Vendor Advisory

Impacted products

Vendor	Product	Version
webkitgtk	webkitgtk	*
wpewebkit	wpe_webkit	*
redhat	codeready_linux_builder	8.0
redhat	codeready_linux_builder_eus	8.4
redhat	codeready_linux_builder_eus	8.6
redhat	codeready_linux_builder_for_arm64_eus	8.0
redhat	codeready_linux_builder_for_arm64_eus	8.4
redhat	codeready_linux_builder_for_arm64_eus	8.6
redhat	codeready_linux_builder_for_ibm_z_systems_eus	8.0
redhat	codeready_linux_builder_for_ibm_z_systems_eus	8.4
redhat	codeready_linux_builder_for_ibm_z_systems_eus	8.6
redhat	codeready_linux_builder_for_power_little_endian_eus	8.0
redhat	codeready_linux_builder_for_power_little_endian_eus	8.4
redhat	codeready_linux_builder_for_power_little_endian_eus	8.6
redhat	enterprise_linux	8.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	8.4
redhat	enterprise_linux_eus	8.6
redhat	enterprise_linux_for_arm64	8.0
redhat	enterprise_linux_for_arm64_eus	8.4
redhat	enterprise_linux_for_arm64_eus	8.6
redhat	enterprise_linux_for_ibm_z_systems	7.0
redhat	enterprise_linux_for_ibm_z_systems	8.0
redhat	enterprise_linux_for_ibm_z_systems_eus	8.4
redhat	enterprise_linux_for_ibm_z_systems_eus	8.6
redhat	enterprise_linux_for_power_big_endian	7.0
redhat	enterprise_linux_for_power_little_endian	7.0
redhat	enterprise_linux_for_power_little_endian	8.0
redhat	enterprise_linux_for_power_little_endian_eus	8.4
redhat	enterprise_linux_for_power_little_endian_eus	8.6
redhat	enterprise_linux_for_scientific_computing	7.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	8.4
redhat	enterprise_linux_server_aus	8.6
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.4
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.6
redhat	enterprise_linux_server_tus	8.4
redhat	enterprise_linux_server_tus	8.6
redhat	enterprise_linux_server_update_services_for_sap_solutions	8.4
redhat	enterprise_linux_server_update_services_for_sap_solutions	8.6
redhat	enterprise_linux_workstation	7.0

JSON

To clipboard

{
  "cisaActionDue": "2022-06-13",
  "cisaExploitAdd": "2022-05-23",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "WebKitGTK Memory Corruption Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A074F91-F0EF-4427-B9AB-A2EE9C899272",
              "versionEndExcluding": "2.26.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B5D0857-4DA0-41D2-A8F4-FE70E80B9F64",
              "versionEndExcluding": "2.26.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "93A089E2-D66E-455C-969A-3140D991BAF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B399239A-5211-4174-9A47-A71DBA786426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BE16CC2-C6B4-4B73-98A1-F28475A92F49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84BC50C8-5907-4BFF-BD0F-C20586F81DC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA48C33A-ECCA-41A8-8A32-CD4FAD6D963B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB1DF28D-0D84-4E40-8E46-BA0EFD371111",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1903C71D-08F1-4B84-AE75-62A84CB789E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A60CB0-824E-4D3B-B26F-28E1F5EDDE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C1A0CA2-2BBD-4A7A-B467-F456867D5EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3F1B4FA-2161-4BE6-93E9-745E543B326C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "58D2C068-2FF0-4FAB-8317-3ABC6EF8B988",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "845B853C-8F99-4987-AA8E-76078CE6A977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*",
              "matchCriteriaId": "053C1B35-3869-41C2-9551-044182DE0A64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm64:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "40D24D63-0C1F-4470-8BB9-A2F0E54B9278",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm64_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2E41863-BE2C-4A31-B60D-EED8803187E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm64_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F76C4F35-2E16-40BF-AFF3-249316757798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "566507B6-AC95-47F7-A3FB-C6F414E45F51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C9BD9AE-46FC-4609-8D99-A3CFE91D58D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF5C4AC-CA69-41E3-AD93-7AC21931374A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "983533DD-3970-4A37-9A9C-582BD48AA1E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "729C515E-1DD3-466D-A50B-AFE058FFC94A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "22D095ED-9247-4133-A133-73B7668565E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC6DD887-9744-43EA-8B3C-44C6B6339590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7614E5D3-4643-4CAE-9578-9BB9D558211F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues."
    }
  ],
  "id": "CVE-2019-8720",
  "lastModified": "2025-03-27T14:08:19.520",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-03-06T23:15:10.287",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876611"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://webkitgtk.org/security/WSA-2019-0005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://webkitgtk.org/security/WSA-2019-0005.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2019-8720 (GCVE-0-2019-8720)

Vulnerability from cvelistv5

Published

2023-03-06 00:00

Modified

2025-07-30 01:37

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-119