vendor:
WebKit
by:
Project Zero
7,5
CVSS
HIGH
Out-of-Bounds Read
125
CWE
Product Name: WebKit
Affected Version From: WebKit nightly
Affected Version To: WebKit nightly
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Mac
2020
Out-of-Bounds Read Security Vulnerability in WebKit
There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. The PoC provided in the source code triggers an ASan log which shows a heap-buffer-overflow on address 0x61200007e474 at pc 0x0001130a7153 bp 0x7fff5463b410 sp 0x7fff5463b408.
Mitigation:
Upgrade to the latest version of WebKit to fix this vulnerability.
