CVE-2019-8720
Last modified
CVE-2019-8720 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. CISA has confirmed active exploitation in the wild. EPSS estimates a 1.56% chance of exploitation in the next 30 days.
Description
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitation Status
This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Webkitgtk | Webkitgtk | < 2.26.0 |
| Wpewebkit | Wpe Webkit | < 2.26.0 |
| Redhat | Codeready Linux Builder | 8.0 |
| Redhat | Codeready Linux Builder Eus | 8.4 |
| Redhat | Codeready Linux Builder Eus | 8.6 |
| Redhat | Codeready Linux Builder For Arm64 Eus | 8.0 |
| Redhat | Codeready Linux Builder For Arm64 Eus | 8.4 |
| Redhat | Codeready Linux Builder For Arm64 Eus | 8.6 |
| Redhat | Codeready Linux Builder For Ibm Z Systems Eus | 8.0 |
| Redhat | Codeready Linux Builder For Ibm Z Systems Eus | 8.4 |
| Redhat | Codeready Linux Builder For Ibm Z Systems Eus | 8.6 |
| Redhat | Codeready Linux Builder For Power Little Endian Eus | 8.0 |
| Redhat | Codeready Linux Builder For Power Little Endian Eus | 8.4 |
| Redhat | Codeready Linux Builder For Power Little Endian Eus | 8.6 |
| Redhat | Enterprise Linux | 8.0 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Eus | 8.4 |
| Redhat | Enterprise Linux Eus | 8.6 |
| Redhat | Enterprise Linux For Arm64 Eus | 8.6 |
| Redhat | Enterprise Linux For Ibm Z Systems | 7.0 |
| Redhat | Enterprise Linux For Ibm Z Systems | 8.0 |
| Redhat | Enterprise Linux For Ibm Z Systems Eus | 8.4 |
| Redhat | Enterprise Linux For Ibm Z Systems Eus | 8.6 |
| Redhat | Enterprise Linux For Power Big Endian | 7.0 |
| Redhat | Enterprise Linux For Power Little Endian | 7.0 |
| Redhat | Enterprise Linux For Power Little Endian | 8.0 |
| Redhat | Enterprise Linux For Power Little Endian Eus | 8.4 |
| Redhat | Enterprise Linux For Power Little Endian Eus | 8.6 |
| Redhat | Enterprise Linux For Scientific Computing | 7.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Server Aus | 8.4 |
| Redhat | Enterprise Linux Server Aus | 8.6 |
| Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 8.4 |
| Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 8.6 |
| Redhat | Enterprise Linux Server Tus | 8.4 |
| Redhat | Enterprise Linux Server Tus | 8.6 |
| Redhat | Enterprise Linux Server Update Services For Sap Solutions | 8.4 |
| Redhat | Enterprise Linux Server Update Services For Sap Solutions | 8.6 |
| Redhat | Enterprise Linux Workstation | 7.0 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1876611Issue Tracking, Third Party Advisory
- https://webkitgtk.org/security/WSA-2019-0005.htmlVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1876611Issue Tracking, Third Party Advisory
- https://webkitgtk.org/security/WSA-2019-0005.htmlVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8720US Government Resource
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2019-8720?
How severe is CVE-2019-8720?
How do I fix CVE-2019-8720?
Are you affected by CVE-2019-8720?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST