CVE-2018-11646

HIGH

WebKitGTK+ <2.21.3 - Use After Free

Title source: llm

Description

webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash.

Exploits (3)

exploitdb WORKING POC

by Dhiraj Mishra · rubydoslinux

https://www.exploit-db.com/exploits/44876

View Code ZIP pw:eip

exploitdb WORKING POC

by Dhiraj Mishra · textlocallinux

https://www.exploit-db.com/exploits/44842

View Code ZIP pw:eip

metasploit WORKING POC

by Dhiraj Mishra, Hardik Mehta, Zubin Devnani, Manuel Caballero · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/webkitplus.rb

View Code ZIP pw:eip

References (5)

[Issue Tracking, Patch, Vendor Advisory] https://bugs.webkit.org/show_bug.cgi?id=186164

[Exploit, Issue Tracking, Third Party Advisory] https://bugzilla.gnome.org/show_bug.cgi?id=795740

[Third Party Advisory] https://security.gentoo.org/glsa/201808-04

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44842/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44876/

Scores

CVSS v3 7.5

EPSS 0.7535

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (1)

webkitgtk/webkitgtk\+ < 2.21.3

Published Jun 01, 2018

Tracked Since Feb 18, 2026