CVE-2017-17821

Priority
Description
WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology
Preview Release 46, allows remote attackers to cause a denial of service
(buffer overflow) or possibly have unspecified other impact because it
calls the FastBitVectorWordOwner::resizeSlow function (in
WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a
bitvector size, and resizeSlow mishandles cases where the old array length
is greater than the new array length.
Notes
 jdstrand> webkit receives limited support. For details, see
 https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit
 jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8
 mdeslaur> as of 2018-03-19, no details if this affects webkit2gtk
 mdeslaur> This still wasn't mentioned in webkit2gtk advisories as of
 mdeslaur> 2018-04-04, so marking as not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 18.10 (Cosmic Cuttlefish):needs-triage
Ubuntu 19.04 (Disco Dingo):needs-triage
Patches:
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 18.10 (Cosmic Cuttlefish):needs-triage
Ubuntu 19.04 (Disco Dingo):needs-triage
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 18.10 (Cosmic Cuttlefish):needs-triage
Ubuntu 19.04 (Disco Dingo):DNE
More Information

Updated: 2019-01-14 21:25:13 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)