CVE-2018-11646 - Unspecified vulnerability in Webkitgtk Webkitgtk+
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | HIGH |
Summary
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash.
Vulnerable Configurations
Exploit-Db
description | WebKitGTK+ < 2.21.3 - Crash (PoC). CVE-2018-11646. Local exploit for Linux platform |
file | exploits/linux/local/44842.txt |
id | EDB-ID:44842 |
last seen | 2018-06-05 |
modified | 2018-06-05 |
platform | linux |
port | |
published | 2018-06-05 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/44842/ |
title | WebKitGTK+ < 2.21.3 - Crash (PoC) |
type | local |

description | WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' DoS. CVE-2018-11646. Dos exploit for Linux platform |
file | exploits/linux/dos/44876.rb |
id | EDB-ID:44876 |
last seen | 2018-06-11 |
modified | 2018-06-11 |
platform | linux |
port | |
published | 2018-06-11 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/44876/ |
title | WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' DoS |
type | dos |
Metasploit
description | This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in denial of service. |
id | MSF:AUXILIARY/DOS/HTTP/WEBKITPLUS |
last seen | 2020-06-09 |
modified | 2020-05-12 |
published | 2018-06-09 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/webkitplus.rb |
title | WebKitGTK+ WebKitFaviconDatabase DoS |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201808-04.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201808-04 (WebkitGTK+: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Impact : A remote attacker could execute arbitrary commands or cause a denial of service condition via a maliciously crafted web content. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 112078 |
published | 2018-08-23 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/112078 |
title | GLSA-201808-04 : WebkitGTK+: Multiple vulnerabilities |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2018-AAC3CA8936.NASL |
description | This update addresses the following vulnerabilities : - [CVE-2018-4190](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4190), [CVE-2018-4199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4199), [CVE-2018-4218](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4218), [CVE-2018-4222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4222), [CVE-2018-4232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4232), [CVE-2018-4233](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4233), [CVE-2018-4246](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4246), [CVE-2018-11646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11646). Additional fixes : - Fix installation directory of API documentation. - Disable Gigacage if mmap fails to allocate in Linux. - Add user agent quirk for paypal website. - Properly detect compiler flags, needed libs, and fallbacks for usage of 64-bit atomic operations. - Fix a network process crash when trying to get cookies of about:blank page. - Fix UI process crash when closing the window under Wayland. - Fix several crashes and rendering issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-05 |
modified | 2018-07-02 |
plugin id | 110823 |
published | 2018-07-02 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/110823 |
title | Fedora 27 : webkitgtk4 (2018-aac3ca8936) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2019-566.NASL |
description | This update for webkit2gtk3 to version 2.20.3 fixes the following issues : These security issues were fixed : - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc#1097693). - CVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted website (bsc#1097693) - CVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers an @generatorState use-after-free (bsc#1097693) - CVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted website that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation (bsc#1097693) - CVE-2018-4232: An unspecified issue allowed remote attackers to overwrite cookies via a crafted website (bsc#1097693) - CVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1097693) - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandle an unset pageURL, leading to an application crash (bsc#1095611). These non-security issues were fixed : - Disable Gigacage if mmap fails to allocate in Linux. - Add user agent quirk for paypal website. - Fix a network process crash when trying to get cookies of about:blank page. - Fix UI process crash when closing the window under Wayland. - Fix several crashes and rendering issues. This update was imported from the SUSE:SLE-15:Update update project. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 123245 |
published | 2019-03-27 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/123245 |
title | openSUSE Security Update : webkit2gtk3 (openSUSE-2019-566) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2018-118B9ABF99.NASL |
description | This update addresses the following vulnerabilities : - [CVE-2018-4190](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4190), [CVE-2018-4199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4199), [CVE-2018-4218](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4218), [CVE-2018-4222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4222), [CVE-2018-4232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4232), [CVE-2018-4233](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4233), [CVE-2018-4246](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4246), [CVE-2018-11646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11646). Additional fixes : - Fix installation directory of API documentation. - Disable Gigacage if mmap fails to allocate in Linux. - Add user agent quirk for paypal website. - Properly detect compiler flags, needed libs, and fallbacks for usage of 64-bit atomic operations. - Fix a network process crash when trying to get cookies of about:blank page. - Fix UI process crash when closing the window under Wayland. - Fix several crashes and rendering issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-05 |
modified | 2019-01-03 |
plugin id | 120240 |
published | 2019-01-03 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/120240 |
title | Fedora 28 : webkit2gtk3 (2018-118b9abf99) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2018-3387-1.NASL |
description | This update for webkit2gtk3 to version 2.20.3 fixes the issues : The following security vulnerabilities were addressed : CVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs (boo#1101999) CVE-2017-13884: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775). CVE-2017-13885: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775). CVE-2017-7153: An unspecified issue allowed remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted website that sends a 401 Unauthorized redirect (bsc#1077535). CVE-2017-7160: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775). CVE-2017-7161: An unspecified issue allowed remote attackers to execute arbitrary code via special characters that trigger command injection (bsc#1075775, bsc#1077535). CVE-2017-7165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775). CVE-2018-4088: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775). CVE-2018-4096: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775). CVE-2018-4200: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers a WebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280). CVE-2018-4204: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1092279). CVE-2018-4101: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182). CVE-2018-4113: An issue in the JavaScriptCore function in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 118389 |
published | 2018-10-25 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/118389 |
title | SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2018:3387-1) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2018-2075-1.NASL |
description | This update for webkit2gtk3 to version 2.20.3 fixes the following issues: These security issues were fixed : - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc#1097693). - CVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted website (bsc#1097693) - CVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers an @generatorState use-after-free (bsc#1097693) - CVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted website that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation (bsc#1097693) - CVE-2018-4232: An unspecified issue allowed remote attackers to overwrite cookies via a crafted website (bsc#1097693) - CVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1097693) - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandle an unset pageURL, leading to an application crash (bsc#1095611). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 120064 |
published | 2019-01-02 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/120064 |
title | SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2018:2075-1) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2018-1288.NASL |
description | This update for webkit2gtk3 to version 2.20.3 fixes the issues : The following security vulnerabilities were addressed : - CVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs (boo#1101999) - CVE-2017-13884: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775). - CVE-2017-13885: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775). - CVE-2017-7153: An unspecified issue allowed remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted website that sends a 401 Unauthorized redirect (bsc#1077535). - CVE-2017-7160: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775). - CVE-2017-7161: An unspecified issue allowed remote attackers to execute arbitrary code via special characters that trigger command injection (bsc#1075775, bsc#1077535). - CVE-2017-7165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775). - CVE-2018-4088: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775). - CVE-2018-4096: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775). - CVE-2018-4200: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers a WebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280). - CVE-2018-4204: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1092279). - CVE-2018-4101: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182). - CVE-2018-4113: An issue in the JavaScriptCore function in the |
last seen | 2020-06-05 |
modified | 2018-10-26 |
plugin id | 118453 |
published | 2018-10-26 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/118453 |
title | openSUSE Security Update : webkit2gtk3 (openSUSE-2018-1288) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2018-845.NASL |
description | This update for webkit2gtk3 to version 2.20.3 fixes the following issues : These security issues were fixed : - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc#1097693). - CVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted website (bsc#1097693) - CVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers an @generatorState use-after-free (bsc#1097693) - CVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted website that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation (bsc#1097693) - CVE-2018-4232: An unspecified issue allowed remote attackers to overwrite cookies via a crafted website (bsc#1097693) - CVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1097693) - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandle an unset pageURL, leading to an application crash (bsc#1095611). These non-security issues were fixed : - Disable Gigacage if mmap fails to allocate in Linux. - Add user agent quirk for paypal website. - Fix a network process crash when trying to get cookies of about:blank page. - Fix UI process crash when closing the window under Wayland. - Fix several crashes and rendering issues. This update was imported from the SUSE:SLE-15:Update update project. |
last seen | 2020-06-05 |
modified | 2018-08-10 |
plugin id | 111626 |
published | 2018-08-10 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/111626 |
title | openSUSE Security Update : webkit2gtk3 (openSUSE-2018-845) |
Packetstorm
data source | https://packetstormsecurity.com/files/download/148135/webkitplus.rb.txt |
id | PACKETSTORM:148135 |
last seen | 2018-06-13 |
published | 2018-06-11 |
reporter | Mishra Dhiraj |
source | https://packetstormsecurity.com/files/148135/WebKitGTK-WebKitFaviconDatabase-Denial-Of-Service.html |
title | WebKitGTK+ WebKitFaviconDatabase Denial Of Service |

data source | https://packetstormsecurity.com/files/download/148053/CVE-2018-11646.txt |
id | PACKETSTORM:148053 |
last seen | 2018-06-06 |
published | 2018-06-05 |
reporter | Mishra Dhiraj |
source | https://packetstormsecurity.com/files/148053/WebKitGTK-2.21.3-pageURL-Mishandling-Denial-Of-Service.html |
title | WebKitGTK+ 2.21.3 pageURL Mishandling Denial Of Service |
References
- https://bugs.webkit.org/show_bug.cgi?id=186164
- https://bugzilla.gnome.org/show_bug.cgi?id=795740
- https://security.gentoo.org/glsa/201808-04
- https://www.exploit-db.com/exploits/44842/
- https://www.exploit-db.com/exploits/44876/