CVE-2022-42852
Description
The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory.
Mitigations
Mitigation details
Description
webkitgtk: memory disclosure issue was addressed with improved memory handling
CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | webkitgtk4-0:2.48.3-2.el7_9 | RHSA-2025:10364 | 2025-07-07T00:00:00Z |
| Red Hat Enterprise Linux 8 | webkit2gtk3-0:2.38.5-1.el8 | RHSA-2023:2834 | 2023-05-16T00:00:00Z |
| Red Hat Enterprise Linux 9 | webkit2gtk3-0:2.38.5-1.el9 | RHSA-2023:2256 | 2023-05-09T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | webkitgtk | Out of support scope |
| Red Hat Enterprise Linux 7 | webkitgtk3 | Out of support scope |
Apply commands
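# RHEL 7 Extended Lifecycle Support (fixed package: webkitgtk4)
yum update -y webkitgtk4
# RHEL 8 / RHEL 9 (fixed package: webkit2gtk3)
dnf upgrade -y webkit2gtk3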
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | webkit2gtk3-devel-2.38.5-1.el9.aarch64.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2.38.3-1 |
| sid | Fixed | 2.38.3-1 |
| forky | Fixed | 2.38.3-1 |
| bullseye | Fixed | 2.38.3-1~deb11u1 |
| bookworm | Fixed | 2.38.3-1 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
References
- https://access.redhat.com/errata/RHSA-2023:2256
- https://www.suse.com/security/cve/CVE-2022-42852.html
- https://security-tracker.debian.org/tracker/CVE-2022-42852
- https://access.redhat.com/errata/RHSA-2023:2834
- https://bugzilla.redhat.com/2128643
- https://bugzilla.redhat.com/2140501
- https://bugzilla.redhat.com/2140502
- https://bugzilla.redhat.com/2140503
- https://bugzilla.redhat.com/2140504
- https://bugzilla.redhat.com/2140505
- https://bugzilla.redhat.com/2156986
- https://bugzilla.redhat.com/2156987
- https://bugzilla.redhat.com/2156989
- https://bugzilla.redhat.com/2156990
- https://bugzilla.redhat.com/2156991
- https://bugzilla.redhat.com/2156992
- https://bugzilla.redhat.com/2156993
- https://bugzilla.redhat.com/2156994
- https://bugzilla.redhat.com/2167715
- https://bugzilla.redhat.com/2167716
- https://bugzilla.redhat.com/2167717
- https://bugzilla.redhat.com/2175099
- https://bugzilla.redhat.com/2175101
- https://bugzilla.redhat.com/2175103
- https://bugzilla.redhat.com/2175105