CVE-2017-17821

Priority
Description
WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology
Preview Release 46, allows remote attackers to cause a denial of service
(buffer overflow) or possibly have unspecified other impact because it
calls the FastBitVectorWordOwner::resizeSlow function (in
WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a
bitvector size, and resizeSlow mishandles cases where the old array length
is greater than the new array length.
Notes
 jdstrand> webkit receives limited support. For details, see
 https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit
 jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8
 mdeslaur> as of 2018-03-19, no details if this affects webkit2gtk
 mdeslaur> This still wasn't mentioned in webkit2gtk advisories as of
 mdeslaur> 2018-04-04, so marking as not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Trusty/esm:DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 18.10 (Cosmic Cuttlefish):needs-triage
Ubuntu 19.04 (Disco Dingo):needs-triage
Ubuntu 19.10 (Eoan):needs-triage
Patches:
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Trusty/esm:DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 18.10 (Cosmic Cuttlefish):needs-triage
Ubuntu 19.04 (Disco Dingo):needs-triage
Ubuntu 19.10 (Eoan):needs-triage
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Trusty/esm:DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
Ubuntu 19.10 (Eoan):not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Trusty/esm:DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 18.10 (Cosmic Cuttlefish):needs-triage
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
More Information

Updated: 2019-04-26 14:22:03 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)