CVE-2021-30858

Published: 20 Sep 2021
Source: redhat
CVSS3: 8.8
EPSS: Low

Description

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

A flaw was found in webkitgtk. This flaw could allow an attacker to use maliciously crafted web content leading to arbitrary code execution.

Statement

This flaw is rated as having Moderate impact considering the ability of an attacker to perform arbitrary code execution is limited to cases where a web browser is involved. Red Hat expects customers to not feed untrusted input into WebKit.

Mitigation

This flaw can be mitigated by either disabling JavaScript or by disabling IndexedDB.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | webkitgtk | Affected | | |
| Red Hat Enterprise Linux 7 | webkitgtk3 | Will not fix | | |
| Red Hat Enterprise Linux 9 | webkit2gtk3 | Not affected | | |
| Red Hat Enterprise Linux 7 | webkitgtk4 | Fixed | RHSA-2022:0059 | 11.01.2022 |
| Red Hat Enterprise Linux 8 | webkit2gtk3 | Fixed | RHSA-2021:4097 | 02.11.2021 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | webkit2gtk3 | Fixed | RHSA-2021:4686 | 16.11.2021 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | webkit2gtk3 | Fixed | RHSA-2022:0075 | 11.01.2022 |

Additional information

Status: Moderate
Defect: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2006099 webkitgtk: Use-after-free leading to arbitrary code execution

EPSS: 0.01026 (Low), percentile: 76%

CVSS3: 8.8 High

Related vulnerabilities

CVSS3: 8.8
ubuntu
almost 4 years ago

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVSS3: 8.8
nvd
almost 4 years ago

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVSS3: 8.8
debian
almost 4 years ago

A use after free issue was addressed with improved memory management. ...

rocky
more than 3 years ago

Moderate: webkit2gtk3 security and bug fix update

oracle-oval
more than 3 years ago

ELSA-2022-0059: webkitgtk4 security update (MODERATE)
