CVE-2016-9643

Published: 07 March 2017

The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis).

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
qtwebkit
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

qtwebkit-opensource-src
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 LTS (Xenial Xerus) Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needs-triage)
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

Patches:
needs-triage
qtwebkit-source
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 LTS (Xenial Xerus) Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needs-triage)
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist
(precise was ignored [see notes])
webkit2gtk
Launchpad, Ubuntu, Debian
Upstream
Released (2.14.6)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(2.16.1-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2.16.1-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(2.16.1-1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (2.16.1-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

webkitgtk
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Ignored
(no update available)
Ubuntu 16.04 LTS (Xenial Xerus) Ignored
(no update available)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [no update available])
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist