CVE-2024-23252 - Vulnerability Details

Vendors	Products
Redhat	Enterprise Linux

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
webkit2gtk3-0:2.38.5-1.el8_8.5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:4202	2023-07-18T00:00:00Z
Red Hat Enterprise Linux 9
webkit2gtk3-0:2.38.5-1.el9_2.3	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:4201	2023-07-18T00:00:00Z

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2024-23252
https://seclists.org/fulldisclosure/2024/Mar/21
https://www.cve.org/CVERecord?id=CVE-2024-23252

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-23252", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "REJECTED", "assignerShortName": "apple", "dateReserved": "2024-01-12T22:22:21.486Z", "datePublished": "2024-03-08T01:35:45.663Z", "dateUpdated": "2024-03-26T18:41:15.985Z", "dateRejected": "2024-03-26T18:41:15.985Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-03-26T18:41:15.985Z"}, "rejectedReasons": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}], "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.0 (string)

cveMetadata : { »

cveId : CVE-2024-23252 (string)

assignerOrgId : 286789f9-fbc2-4510-9f9a-43facdede74c (string)

state : REJECTED (string)

assignerShortName : apple (string)

dateReserved : 2024-01-12T22:22:21.486Z (string)

datePublished : 2024-03-08T01:35:45.663Z (string)

dateUpdated : 2024-03-26T18:41:15.985Z (string)

dateRejected : 2024-03-26T18:41:15.985Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 286789f9-fbc2-4510-9f9a-43facdede74c (string)

shortName : apple (string)

dateUpdated : 2024-03-26T18:41:15.985Z (string)

}

rejectedReasons : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. (string)

}

]

value : This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. (string)

}

]

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2023:4202", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.38.5-1.el8_8.5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-07-18T00:00:00Z"}, {"advisory": "RHSA-2023:4201", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "webkit2gtk3-0:2.38.5-1.el9_2.3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-07-18T00:00:00Z"}], "bugzilla": {"description": "webkit: processing malicious web content may lead to denial-of-service", "id": "2270288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270288"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["A flaw was found in WebKit. This flaw allows an attacker to trigger a denial of service condition by convincing a victim to visit a specially crafted website."], "name": "CVE-2024-23252", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk4", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-03-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-23252\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-23252\nhttps://seclists.org/fulldisclosure/2024/Mar/21"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2023:4202 (string)

cpe : cpe:/a:redhat:enterprise_linux:8 (string)

package : webkit2gtk3-0:2.38.5-1.el8_8.5 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2023-07-18T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2023:4201 (string)

cpe : cpe:/a:redhat:enterprise_linux:9 (string)

package : webkit2gtk3-0:2.38.5-1.el9_2.3 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2023-07-18T00:00:00Z (string)

}

]

bugzilla : { »

description : webkit: processing malicious web content may lead to denial-of-service (string)

id : 2270288 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2270288 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 6.5 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (string)

status : verified (string)

}

details : [ »

0 : A flaw was found in WebKit. This flaw allows an attacker to trigger a denial of service condition by convincing a victim to visit a specially crafted website. (string)

]

name : CVE-2024-23252 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Out of support scope (string)

package_name : webkitgtk (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : webkitgtk3 (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : webkitgtk4 (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

]

public_date : 2024-03-07T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2024-23252 https://nvd.nist.gov/vuln/detail/CVE-2024-23252 https://seclists.org/fulldisclosure/2024/Mar/21 (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object