CVE-2023-38592
Severity: high
CVSS v3: n/a
CVSS v4: n/a
VIR risk: 8.0
Description
Important: webkit2gtk3 security and bug fix update
Predictions
Exploit likelihood: 20%
Patch ETA: n/a
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Source: Red Hat Errata, Red Hat Inc. (Open-Errata-API)
Description
webkitgtk: Processing web content may lead to arbitrary code execution
CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | webkitgtk4-0:2.48.3-2.el7_9 | RHSA-2025:10364 | 2025-07-07T00:00:00Z |
| Red Hat Enterprise Linux 8 | webkit2gtk3-0:2.40.5-1.el8 | RHSA-2023:7055 | 2023-11-14T00:00:00Z |
| Red Hat Enterprise Linux 9 | webkit2gtk3-0:2.40.5-1.el9 | RHSA-2023:6535 | 2023-11-07T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | webkitgtk | Out of support scope |
| Red Hat Enterprise Linux 7 | webkitgtk3 | Affected |
Apply commands
Apply RHSA-2025:10364 for Red Hat Enterprise Linux 7 Extended Lifecycle Support:

```shell
yum update -y webkitgtk4
# or:
dnf upgrade -y webkitgtk4
```
Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 7 | Affected |
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| debian | bookworm | fixed | 2.40.5-1~deb12u1 |
| debian | bullseye | fixed | 2.40.5-1~deb11u1 |
| debian | forky | fixed | 2.40.5-1 |
| debian | sid | fixed | 2.40.5-1 |
| debian | trixie | fixed | 2.40.5-1 |
| almalinux | 9 | fixed | webkit2gtk3-jsc-devel-2.40.5-1.el9.aarch64.rpm |
References
- https://access.redhat.com/errata/RHSA-2023:6535
- https://security-tracker.debian.org/tracker/CVE-2023-38592
- https://access.redhat.com/errata/RHSA-2023:7055
- https://bugzilla.redhat.com/2224608
- https://bugzilla.redhat.com/2231015
- https://bugzilla.redhat.com/2231017
- https://bugzilla.redhat.com/2231018
- https://bugzilla.redhat.com/2231019
- https://bugzilla.redhat.com/2231020
- https://bugzilla.redhat.com/2231021
- https://bugzilla.redhat.com/2231022
- https://bugzilla.redhat.com/2231028
- https://bugzilla.redhat.com/2231043
- https://bugzilla.redhat.com/2236842
- https://bugzilla.redhat.com/2236843
- https://bugzilla.redhat.com/2236844
- https://bugzilla.redhat.com/2238943
- https://bugzilla.redhat.com/2238944
- https://bugzilla.redhat.com/2238945
- https://bugzilla.redhat.com/2241405
- https://bugzilla.redhat.com/2241409
- https://errata.almalinux.org/8/ALSA-2023-7055.html
- https://errata.almalinux.org/9/ALSA-2023-6535.html