CVE-2019-8846 - Use After Free vulnerability in multiple products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-4261-1.NASL |
description | A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 133356 |
published | 2020-01-30 |
reporter | Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/133356 |
title | Ubuntu 18.04 LTS / 19.10 : webkit2gtk vulnerabilities (USN-4261-1) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2020-1135-1.NASL |
description | This update for webkit2gtk3 to version 2.28.1 fixes the following issues. Security issues fixed: CVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528). CVE-2020-11793: Fixed a potential arbitrary code execution caused by a use-after-free vulnerability (bsc#1169658). CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719). CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719). CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719). CVE-2020-3862: Fixed a memory handling issue (bsc#1163809). CVE-2020-3867: Fixed an XSS issue (bsc#1163809). CVE-2020-3868: Fixed multiple memory corruption issues that could have led to arbitrary code execution (bsc#1163809). CVE-2020-3864, CVE-2020-3865: Fixed logic issues in the DOM object context handling (bsc#1163809). Non-security issues fixed: Add API to enable Process Swap on (Cross-site) Navigation. Add user messages API for the communication with the web extension. Add support for same-site cookies. Service workers are enabled by default. Add support for Pointer Lock API. Add flatpak sandbox support. Make ondemand hardware acceleration policy never leave accelerated compositing mode. Always use a light theme for rendering form controls. Add about:gpu to show information about the graphics stack. Fixed issues while trying to play a video on NextCloud. Fixed vertical alignment of text containing Arabic diacritics. Fixed build with icu 65.1. Fixed page loading errors with websites using HSTS. Fixed web process crash when displaying a KaTeX formula. Fixed several crashes and rendering issues. Switched to a single web process for Evolution and geary (bsc#1159329). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-05-06 |
modified | 2020-04-29 |
plugin id | 136082 |
published | 2020-04-29 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/136082 |
title | SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:1135-1) |

NASL family | Misc. |
NASL id | APPLETV_13_3.NASL |
description | According to its banner, the version of Apple TV on the remote device is prior to 13.3. It is therefore affected by multiple vulnerabilities as described in the HT210790 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 132045 |
published | 2019-12-13 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/132045 |
title | Apple TV < 13.3 Multiple Vulnerabilities |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_DC8CFF4C406311EA8A943497F6939FDD.NASL |
description | The WebKitGTK project reports multiple vulnerabilities. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 133245 |
published | 2020-01-27 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/133245 |
title | FreeBSD : webkit-gtk3 -- Multiple vulnerabilities (dc8cff4c-4063-11ea-8a94-3497f6939fdd) |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-202003-22.NASL |
description | The remote host is affected by the vulnerability described in GLSA-202003-22 (WebkitGTK+: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Impact: A remote attacker could execute arbitrary code, cause a Denial of Service condition, bypass intended memory-read restrictions, conduct a timing side-channel attack to bypass the Same Origin Policy or obtain sensitive information. Workaround: There is no known workaround at this time. |
last seen | 2020-03-19 |
modified | 2020-03-16 |
plugin id | 134599 |
published | 2020-03-16 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/134599 |
title | GLSA-202003-22 : WebkitGTK+: Multiple vulnerabilities |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2020-278.NASL |
description | This update for webkit2gtk3 to version 2.26.4 fixes the following issues. Security issues fixed: CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719). CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719). CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719). CVE-2020-3862: Fixed a memory handling issue (bsc#1163809). CVE-2020-3864: Fixed a logic issue in the DOM object context handling (bsc#1163809). CVE-2020-3865: Fixed a logic issue in the DOM object context handling (bsc#1163809). CVE-2020-3867: Fixed an XSS issue (bsc#1163809). CVE-2020-3868: Fixed multiple memory corruption issues that could have led to arbitrary code execution (bsc#1163809). Non-security issues fixed: Fixed issues while trying to play a video on NextCloud. Fixed vertical alignment of text containing Arabic diacritics. Fixed build with icu 65.1. Fixed page loading errors with websites using HSTS. Fixed web process crash when displaying a KaTeX formula. Fixed several crashes and rendering issues. Switched to a single web process for Evolution and geary (bsc#1159329 glgo#GNOME/evolution#587). This update was imported from the SUSE:SLE-15:Update update project. |
last seen | 2020-03-18 |
modified | 2020-03-02 |
plugin id | 134198 |
published | 2020-03-02 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/134198 |
title | openSUSE Security Update : webkit2gtk3 (openSUSE-2020-278) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2020-0468-1.NASL |
description | This update for webkit2gtk3 to version 2.26.4 fixes the following issues. Security issues fixed: CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719). CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719). CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719). CVE-2020-3862: Fixed a memory handling issue (bsc#1163809). CVE-2020-3864: Fixed a logic issue in the DOM object context handling (bsc#1163809). CVE-2020-3865: Fixed a logic issue in the DOM object context handling (bsc#1163809). CVE-2020-3867: Fixed an XSS issue (bsc#1163809). CVE-2020-3868: Fixed multiple memory corruption issues that could have led to arbitrary code execution (bsc#1163809). Non-security issues fixed: Fixed issues while trying to play a video on NextCloud. Fixed vertical alignment of text containing Arabic diacritics. Fixed build with icu 65.1. Fixed page loading errors with websites using HSTS. Fixed web process crash when displaying a KaTeX formula. Fixed several crashes and rendering issues. Switched to a single web process for Evolution and geary (bsc#1159329 glgo#GNOME/evolution#587). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-03-18 |
modified | 2020-02-26 |
plugin id | 134082 |
published | 2020-02-26 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/134082 |
title | SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:0468-1) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2020-97E849CE46.NASL |
description | Fix issues while trying to play a video on NextCloud. Make sure the GL video sink uses a valid WebKit shared GL context. Fix vertical alignment of text containing Arabic diacritics. Fix build with icu 65.1. Fix page loading errors with websites using HSTS. Fix web process crash when displaying a KaTeX formula. Fix several crashes and rendering issues. [WebKitGTK Security Advisory WSA-2020-0001](https://www.webkitgtk.org/security/WSA-2020-0001.html): CVE-2019-8835, CVE-2019-8844, CVE-2019-8846. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 133372 |
published | 2020-01-31 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/133372 |
title | Fedora 31 : webkit2gtk3 (2020-97e849ce46) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2020-F11A905FC2.NASL |
description | Fix issues while trying to play a video on NextCloud. Make sure the GL video sink uses a valid WebKit shared GL context. Fix vertical alignment of text containing Arabic diacritics. Fix build with icu 65.1. Fix page loading errors with websites using HSTS. Fix web process crash when displaying a KaTeX formula. Fix several crashes and rendering issues. [WebKitGTK Security Advisory WSA-2020-0001](https://www.webkitgtk.org/security/WSA-2020-0001.html): CVE-2019-8835, CVE-2019-8844, CVE-2019-8846. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 133431 |
published | 2020-02-03 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/133431 |
title | Fedora 30 : webkit2gtk3 (2020-f11a905fc2) |

NASL family | Windows |
NASL id | ITUNES_12_10_3.NASL |
description | The version of Apple iTunes installed on the remote Windows host is prior to 12.10.3. It is, therefore, affected by multiple vulnerabilities as referenced in the HT210793 advisory. In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. (CVE-2019-15903) Note that Nessus has not tested for this issue but has instead relied only on the application |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 132416 |
published | 2019-12-27 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/132416 |
title | Apple iTunes < 12.10.3 Multiple Vulnerabilities (credentialed check) |

NASL family | Peer-To-Peer File Sharing |
NASL id | ITUNES_12_10_3_BANNER.NASL |
description | The version of Apple iTunes installed on the remote Windows host is prior to 12.10.3. It is, therefore, affected by multiple vulnerabilities as referenced in the HT210793 advisory. In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. (CVE-2019-15903) Note that Nessus has not tested for this issue but has instead relied only on the application |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 132415 |
published | 2019-12-27 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/132415 |
title | Apple iTunes < 12.10.3 Multiple Vulnerabilities (uncredentialed check) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-4610.NASL |
description | The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2019-8835: An anonymous researcher discovered that maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8844: William Bowling discovered that maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8846: Marcin Towalski of Cisco Talos discovered that maliciously crafted web content may lead to arbitrary code execution. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 133325 |
published | 2020-01-30 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/133325 |
title | Debian DSA-4610-1 : webkit2gtk - security update |
Talos
id | TALOS-2019-0943 |
last seen | 2019-12-12 |
published | 2019-12-11 |
reporter | Talos Intelligence |
source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0943 |
title | Apple Safari SVG Marker Element baseVal Remote Code Execution Vulnerability |
References
- https://support.apple.com/en-us/HT210785
- https://support.apple.com/en-us/HT210790
- https://support.apple.com/en-us/HT210792
- https://support.apple.com/en-us/HT210793
- https://support.apple.com/en-us/HT210794
- https://support.apple.com/en-us/HT210795