839786 – (CVE-2022-29536) <www-client/epiphany-42.4: client buffer overflow via a long page title (CVE-2022-29536)

Bug 839786 (CVE-2022-29536) - <www-client/epiphany-42.4: client buffer overflow via a long page title (CVE-2022-29536)

Summary: <www-client/epiphany-42.4: client buffer overflow via a long page title (CVE-...

Status:	CONFIRMED

Alias:	CVE-2022-29536

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://gitlab.gnome.org/GNOME/epipha...
Whiteboard:	A3 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2022-04-21 07:18 UTC by filip ambroz
Modified:	2024-03-23 10:07 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description filip ambroz 2022-04-21 07:18:10 UTC

[CVE-2022-29536]
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.

Comment 1 Matt Turner gentoo-dev

2022-06-17 18:24:18 UTC

All stable and cleaned.

Comment 2 John Helmert III archtester

2022-06-18 13:38:28 UTC

Thanks!