CVE-2019-8720
Published: 06 March 2023
Summary
CVE-2019-8720 is a high-severity memory corruption vulnerability (CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer) in WebKit, affecting WebKitGTK as shipped in Red Hat Enterprise Linux, including EUS streams. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 11.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2019-8720 covers multiple memory corruption issues in WebKit, classified under CWE-119. The flaw is triggered while processing maliciously crafted web content; the vendor description states that the issues were addressed with improved memory handling. Affected software includes WebKitGTK, as referenced in the associated security advisories.
An attacker exploits the issue by serving malicious web content to a victim: no privileges are required, but the victim must interact, for example by visiting a crafted page. Successful exploitation may result in arbitrary code execution. The CVSS 8.8 score reflects high impact on confidentiality, integrity and availability over a network vector, held just below Critical by the user-interaction requirement.
WebKitGTK security advisory WSA-2019-0005 and the related Red Hat bug reports describe the resolution as updated memory handling in patched versions. The vulnerability appears in the CISA Known Exploited Vulnerabilities catalog, which confirms observed real-world exploitation and warrants prioritized patching of affected WebKit-based components.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-18110
Vulnerability details
A vulnerability was found in WebKit: processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
- CWE(s): CWE-119
- KEV Date Added: 23 May 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
SI-16 (Memory Protection): directly implements memory protection mechanisms that address the multiple memory corruption issues (CWE-119) enabling arbitrary code execution in WebKit.
SI-2 (Flaw Remediation): requires timely application of the patches that improve memory handling, directly remediating this known exploited vulnerability in WebKitGTK and similar components.
SI-3 (Malicious Code Protection): provides malicious code detection and blocking that can intercept crafted web content before it reaches the vulnerable WebKit code path. Treat this as defense in depth only; content filtering cannot be relied on to stop every crafted page, so patching remains the primary control.
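For the flaw remediation control above, the practical check is whether the installed WebKitGTK package already carries the fix. The added example below (not from the advisory or from Red Hat) scans an RPM changelog for the CVE identifier and reports the first build that references it. It assumes that the distribution records CVE identifiers in the changelog of the fixing build and that the package is named webkit2gtk3; the changelog sample, maintainer and every version string in it are constructed for illustration and are not the real fix releases.

```python
# Added example: locate the fixing build of CVE-2019-8720 in an RPM changelog.
# Assumptions: CVE IDs appear in the changelog of the fixing build (common
# distro practice, not guaranteed), and the package name is webkit2gtk3.
import re
import shutil
import subprocess

CVE = "CVE-2019-8720"
PACKAGE = "webkit2gtk3"  # assumed package name for WebKitGTK on RHEL

# Constructed sample in `rpm -q --changelog` format. Versions are made up.
SAMPLE_CHANGELOG = """\
* Mon Mar 02 2020 Example Maintainer <maint@example.com> - 2.26.4-1.el8
- Update to 2.26.4
- Resolves: CVE-2019-8720 CVE-2019-8710

* Mon Oct 07 2019 Example Maintainer <maint@example.com> - 2.24.3-1.el8
- Update to 2.24.3
"""

# Changelog header: "* <date> <author> - <version-release>"
HEADER = re.compile(r"^\* .+? - (\S+)$")


def parse_changelog(text):
    """Return [(version_release, [body lines])] in changelog order, newest first."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append((m.group(1), []))
        elif entries and line.strip():
            entries[-1][1].append(line.strip())
    return entries


def fix_release(text, cve=CVE):
    """Version-release of the oldest entry mentioning cve (the build that shipped
    the fix), or None if no entry references it."""
    pattern = re.compile(r"\b" + re.escape(cve) + r"\b")  # avoid CVE-2019-87201
    found = None
    for version, body in parse_changelog(text):
        if any(pattern.search(line) for line in body):
            found = version  # entries are newest first, so keep the last hit
    return found


def installed_status(package=PACKAGE, cve=CVE):
    """Query rpm on this host. Returns 'fixed', 'not-listed' or 'unknown'.
    'not-listed' means the changelog does not cite the CVE; that is a signal to
    investigate, not proof of exposure, since backports are not always tagged."""
    if shutil.which("rpm") is None:
        return "unknown"
    proc = subprocess.run(["rpm", "-q", "--changelog", package],
                          capture_output=True, text=True)
    if proc.returncode != 0:
        return "unknown"  # package not installed or rpm error
    return "fixed" if fix_release(proc.stdout, cve) else "not-listed"


if __name__ == "__main__":
    print("sample changelog fix release:", fix_release(SAMPLE_CHANGELOG))
    print("this host:", installed_status())
```

On a RHEL host, installed_status() is the one-line answer for a patch-compliance report; the sample changelog lets the parser be exercised offline. Because the status is derived from changelog text, a distribution that backports the fix without citing the CVE will show as not-listed, so cross-check against the vendor errata before closing the finding.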