CVE-2023-25358: Use After Free
Published Mar 2, 2023
A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
Affected Software
8 affected components; fixes available
debian/webkit2gtk <=2.36.4-1~deb10u1 (fixes available: 2.38.5-1~deb10u1, 2.38.5-1~deb11u1, 2.40.1-1~deb11u1, 2.40.1-1)
debian/wpewebkit (fixes available: 2.38.5-1~deb11u1, 2.38.6-1~deb11u1, 2.38.6-1)
ubuntu/webkit2gtk <2.38.6-0ubuntu0.20.04.1 (fixes available: 2.38.6-0ubuntu0.20.04.1)
ubuntu/webkit2gtk <2.38.6-0ubuntu0.22.04.1 (fixes available: 2.38.6-0ubuntu0.22.04.1)
ubuntu/webkit2gtk <2.38.6-0ubuntu0.22.10.1 (fixes available: 2.38.6-0ubuntu0.22.10.1)
WebKitGTK WebKitGTK <2.36.8
Fedoraproject Fedora =38
redhat/webkitgtk <2.36.8 (fixes available: 2.36.8)
Event History
Mar 2, 2023
CVE Published, via MITRE · 12:00 AM
Data Sourced, via MITRE · 12:00 AM: Description
Mar 3, 2023
Data Sourced, via Red Hat · 08:25 AM: Description, Severity, Affected Software
May 9, 2023
Data Sourced, 09:25 AM: Description
Frequently Asked Questions
1. What is the vulnerability ID for this use-after-free vulnerability?
The vulnerability ID for this use-after-free vulnerability is CVE-2023-25358.
2. What is the severity of CVE-2023-25358?
The severity of CVE-2023-25358 is not specified in the provided information.
3. How does the use-after-free vulnerability in WebCore::RenderLayer::addChild allow attackers to execute code remotely?
The use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK allows attackers to execute code remotely by manipulating memory after it has been freed.
4. Which versions of WebKitGTK are affected by CVE-2023-25358?
The versions of WebKitGTK affected by CVE-2023-25358 are before 2.36.8.
5. What are the recommended versions of WebKitGTK to fix CVE-2023-25358?
The recommended versions of WebKitGTK to fix CVE-2023-25358 are 2.38.5-1~deb10u1, 2.38.5-1~deb11u1, 2.40.1-1~deb11u1, and 2.40.1-1.