CVE-2022-30293

7.5 HIGH

📋 TL;DR

A heap-based buffer overflow vulnerability in WebKitGTK's TextureMapperLayer component allows memory corruption when processing malicious web content. This affects applications using WebKitGTK 2.36.0 and earlier, potentially leading to arbitrary code execution. Users of browsers or applications built with WebKitGTK on Linux systems are primarily affected.

💻 Affected Systems

Products:
  • WebKitGTK
  • WPE WebKit
  • Applications using WebKitGTK (Epiphany browser, GNOME Web, etc.)
Versions: WebKitGTK through 2.36.0
Operating Systems: Linux distributions using WebKitGTK
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using the vulnerable WebKitGTK version is affected when rendering web content.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the WebKitGTK process, potentially leading to full system compromise if the process runs with elevated privileges.

🟠 Likely Case

Application crash (denial of service) or limited code execution within the sandboxed browser context.

🟢 If Mitigated

Application crash with no further impact if proper sandboxing and privilege separation are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (visiting a malicious website) but no authentication. Public technical details are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: WebKitGTK 2.36.1 and later

Vendor Advisory: https://webkitgtk.org/security/WSA-2022-0005.html

Restart Required: Yes

Instructions:

1. Update the WebKitGTK package using your distribution's package manager.
2. Restart affected applications.
3. For embedded systems, rebuild with the patched version.

🔧 Temporary Workarounds

Disable JavaScript

Disable JavaScript in affected browsers to prevent exploitation via malicious web content.

Use alternative browser

Temporarily use browsers not based on WebKitGTK (Firefox, Chromium) until patched.

🧯 If You Can't Patch

  • Implement network filtering to block access to untrusted websites
  • Run WebKitGTK applications with reduced privileges using sandboxing (bubblewrap, firejail)

🔍 How to Verify

Check if Vulnerable:

Check the WebKitGTK version with `pkg-config --modversion webkit2gtk-4.0`. Versions ≤2.36.0 are vulnerable.

Check Version:

pkg-config --modversion webkit2gtk-4.0

Verify Fix Applied:

Verify the version is ≥2.36.1 using the same command. Test with known safe websites to ensure functionality.
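
The version check above as a script (an added example, not from the advisory or the WebKitGTK project): it compares dotted versions field by field against 2.36.1, because a plain string comparison would rank 2.4.11 above 2.36.1. The `webkit2gtk-4.1` module name and the sample versions in the loop are assumptions added here.

```shell
#!/bin/sh
# Added example: classify a WebKitGTK version against the fixed release named on this page.
FIXED="2.36.1"   # first fixed version per the "Official Fix" section above

# version_lt A B: succeed if dotted version A is numerically lower than B.
# Fields are compared as integers, so 2.4.11 < 2.36.1 and a missing field counts as 0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "$a" = "$fa" ] && a="" || a=${a#*.}
        [ "$b" = "$fb" ] && b="" || b=${b#*.}
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
    done
    return 1
}

# classify VERSION: print "vulnerable", "fixed", or "unknown" for input that is not N.N.N.
classify() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return ;;
    esac
    if version_lt "$1" "$FIXED"; then echo vulnerable; else echo fixed; fi
}

# installed_version: print what pkg-config reports for the first module it can find.
# webkit2gtk-4.0 is the module named on this page; webkit2gtk-4.1 is an assumption added
# here. pkg-config only answers when the library's development files are installed.
installed_version() {
    for mod in webkit2gtk-4.0 webkit2gtk-4.1; do
        v=$(pkg-config --modversion "$mod" 2>/dev/null) && { echo "$v"; return 0; }
    done
    return 1
}

# Constructed sample versions first, then the local install if pkg-config can see one.
for s in 2.4.11 2.34.6 2.36.0 2.36.1 2.38.0 "2.36.0-r1"; do
    printf '%-10s %s\n' "$s" "$(classify "$s")"
done
if v=$(installed_version); then
    printf 'installed  %s (%s)\n' "$v" "$(classify "$v")"
else
    echo "installed  not visible to pkg-config; check the distribution package version"
fi
```

An "unknown" result means the string carried a suffix or was empty and should be checked by hand rather than assumed fixed.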

📡 Detection & Monitoring

Log Indicators:

  • Application crashes in WebKitGTK processes
  • Segmentation fault errors in system logs

Network Indicators:

  • Unusual outbound connections from browser processes
  • Requests to known malicious domains

SIEM Query:

(process_name:"epiphany" OR process_name:"webkit") AND (event_type:"crash" OR signal:"SIGSEGV")
