CVE-2023-38592
Description
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.
Mitigations
Mitigation details
Description
webkitgtk: Processing web content may lead to arbitrary code execution
CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | webkitgtk4-0:2.48.3-2.el7_9 | RHSA-2025:10364 | 2025-07-07T00:00:00Z |
| Red Hat Enterprise Linux 8 | webkit2gtk3-0:2.40.5-1.el8 | RHSA-2023:7055 | 2023-11-14T00:00:00Z |
| Red Hat Enterprise Linux 9 | webkit2gtk3-0:2.40.5-1.el9 | RHSA-2023:6535 | 2023-11-07T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | webkitgtk | Out of support scope |
| Red Hat Enterprise Linux 7 | webkitgtk3 | Affected |
Apply commands
```shell
# Red Hat Enterprise Linux 7 Extended Lifecycle Support ships the fix in
# webkitgtk4 (RHSA-2025:10364); on RHEL 8 and 9 the fixed package is
# webkit2gtk3 (RHSA-2023:7055 / RHSA-2023:6535), so substitute that name there.
yum update -y webkitgtk4
# or:
dnf upgrade -y webkitgtk4
```
Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 7 | Affected |
OS impact
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | webkit2gtk3-jsc-devel-2.40.5-1.el9.aarch64.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2.40.5-1 |
| sid | Fixed | 2.40.5-1 |
| forky | Fixed | 2.40.5-1 |
| bullseye | Fixed | 2.40.5-1~deb11u1 |
| bookworm | Fixed | 2.40.5-1~deb12u1 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | webkit2gtk3-0:2.40.5-1.el9 (RHSA-2023:6535) |
| 8 | Fixed | webkit2gtk3-0:2.40.5-1.el8 (RHSA-2023:7055) |
References
- https://access.redhat.com/errata/RHSA-2023:6535
- https://security-tracker.debian.org/tracker/CVE-2023-38592
- https://access.redhat.com/errata/RHSA-2023:7055
- https://bugzilla.redhat.com/2224608
- https://bugzilla.redhat.com/2231015
- https://bugzilla.redhat.com/2231017
- https://bugzilla.redhat.com/2231018
- https://bugzilla.redhat.com/2231019
- https://bugzilla.redhat.com/2231020
- https://bugzilla.redhat.com/2231021
- https://bugzilla.redhat.com/2231022
- https://bugzilla.redhat.com/2231028
- https://bugzilla.redhat.com/2231043
- https://bugzilla.redhat.com/2236842
- https://bugzilla.redhat.com/2236843
- https://bugzilla.redhat.com/2236844
- https://bugzilla.redhat.com/2238943
- https://bugzilla.redhat.com/2238944
- https://bugzilla.redhat.com/2238945
- https://bugzilla.redhat.com/2241405
- https://bugzilla.redhat.com/2241409
- https://errata.almalinux.org/8/ALSA-2023-7055.html
- https://errata.almalinux.org/9/ALSA-2023-6535.html