Search for vulnerabilities
Vulnerability details: VCID-2972-wygx-aaaa
Vulnerability ID VCID-2972-wygx-aaaa
Aliases CVE-2018-11646
Summary webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash.
Status Published
Exploitability 2.0
Weighted Severity 6.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11646.html
epss 0.75346 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75346 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75346 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75346 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75346 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75346 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75346 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75346 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75346 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75346 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75346 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75346 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75831 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75831 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75831 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75831 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75831 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75831 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75831 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75831 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75831 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75831 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75831 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75831 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75831 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.75831 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.82242 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.82242 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.82242 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.82242 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.82242 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.82242 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.82242 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.82242 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.82242 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.82778 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.90744 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.90744 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.90744 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
epss 0.90744 https://api.first.org/data/v1/epss?cve=CVE-2018-11646
generic_textual Medium https://bugzilla.gnome.org/show_bug.cgi?id=795740
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11646
cvssv3 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2018-11646
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-11646
generic_textual Medium https://webkitgtk.org/security/WSA-2018-0005.html
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11646.html
https://api.first.org/data/v1/epss?cve=CVE-2018-11646
https://bugs.webkit.org/show_bug.cgi?id=186164
https://bugzilla.gnome.org/show_bug.cgi?id=795740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11646
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/201808-04
https://webkitgtk.org/security/WSA-2018-0005.html
https://www.exploit-db.com/exploits/44842/
https://www.exploit-db.com/exploits/44876/
cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:*
CVE-2018-11646 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44876.rb
CVE-2018-11646 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/44842.txt
CVE-2018-11646 https://nvd.nist.gov/vuln/detail/CVE-2018-11646
Data source Metasploit
Description This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in denial of service.
Note 
Stability:
  - crash-service-down
SideEffects: []
Reliability: []
Ransomware campaign use Unknown
Source publication date June 3, 2018
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/http/webkitplus.rb
Data source Exploit-DB
Date added June 5, 2018
Description WebKitGTK+ < 2.21.3 - Crash (PoC)
Ransomware campaign use Unknown
Source publication date June 5, 2018
Exploit type local
Platform linux
Source update date June 5, 2018
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-11646
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-11646
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.98813
EPSS Score 0.75346
Published At June 10, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.