high
8.8
CWE
416 20
Advisory Published
CVE Published
Updated

CVE-2023-2203: Use After Free

First published: Fri Apr 21 2023(Updated: )

The WebKitGTK flaw <a href="https://access.redhat.com/security/cve/CVE-2023-28205">CVE-2023-28205</a> (<a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - CVE-2023-28205 WebKitGTK: use-after-free leads to arbitrary code execution" href="show_bug.cgi?id=2185724">bug 2185724</a>) was addressed in Red Hat Enterprise Linux 8 via erratum RHSA-2023:1919 and in Red Hat Enterprise Linux 9 via erratum RHSA-2023:1918, released on Apr 20, 2023: <a href="https://access.redhat.com/errata/RHSA-2023:1919">https://access.redhat.com/errata/RHSA-2023:1919</a> <a href="https://access.redhat.com/errata/RHSA-2023:1918">https://access.redhat.com/errata/RHSA-2023:1918</a> However, the fix for this issue was not included in the WebKitGTK updates released as part of Red Hat Enterprise Linux 8.8 GA erratum (RHSA-2023:2834) and Red Hat Enterprise Linux 9.2 GA erratum (RHSA-2023:2256), causing a security regression of previously released fix. A new CVE-ID <a href="https://access.redhat.com/security/cve/CVE-2023-2203">CVE-2023-2203</a> was assigned for this security regression. Note that this issue and CVE-ID is specific to the WebKitGTK packages as shipped with Red Hat Enterprise Linux and is not applicable to any upstream WebKitGTK version or WebKitGTK packages of any other vendor that are not directly based on Red Hat Enterprise Linux packages. For more information about the original flaw, refer to the CVE page or bug linked above.

Credit: secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
Webkitgtk Webkit2gtk3=2.38.5-1.el8
Webkitgtk Webkit2gtk3=2.38.5-1.el9
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Redhat Enterprise Linux Eus=8.8
Redhat Enterprise Linux Eus=9.2
Redhat Enterprise Linux Server Aus=8.8
Redhat Enterprise Linux Server Aus=9.2
Redhat Enterprise Linux Server Tus=8.8

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2023-2203?

    CVE-2023-2203 is a use-after-free vulnerability found in the WebKitGTK package that allows attackers to execute arbitrary code or cause a denial of service.

  • Which software versions are affected by CVE-2023-2203?

    Versions 2.38.5-1.el8 and 2.38.5-1.el9 of WebKitGTK package, Redhat Enterprise Linux 8.0 and 9.0, and Redhat Enterprise Linux Eus 8.8 and 9.2 are affected by CVE-2023-2203.

  • What is the severity level of CVE-2023-2203?

    CVE-2023-2203 has a severity level of 8.8 (high).

  • How can I fix CVE-2023-2203?

    Apply the necessary updates provided by Red Hat through the official Red Hat Security Advisory RHSA-2023:1919.

  • What is the Common Weakness Enumeration (CWE) ID associated with CVE-2023-2203?

    CVE-2023-2203 is associated with CWE-416 and CWE-20.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203