Vulnerability Name:

CVE-2021-21779 (CCN-202343)

Assigned:2021-05-24
Published:2021-05-24
Updated:2022-07-21
Summary:A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.
CVSS v3 Severity:8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-416
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2021-21779

Source: MLIST
Type: Mailing List
[oss-security] 20210723 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0004

Source: XF
Type: UNKNOWN
apple-ios-cve202121779-code-exec(202343)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-3de956ceee

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-cf7d8c7b1a

Source: CCN
Type: Apple security document HT212528
About the security content of iOS 14.6 and iPadOS 14.6

Source: CCN
Type: Apple security document HT212529
About the security content of macOS Big Sur 11.4

Source: MISC
Type: Exploit, Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1238

Source: DEBIAN
Type: Third Party Advisory
DSA-4945

Source: CCN
Type: IBM Security Bulletin 6551876 (Cloud Pak for Security)
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Vulnerable Configuration:Configuration 1:
  • cpe:/a:webkitgtk:webkitgtk:2.30.4:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:apple:ipados:14.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:14.5:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8033
    P
    		libjavascriptcoregtk-5_0-0-2.38.6-150400.4.39.1 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:7603
    P
    		libjavascriptcoregtk-4_0-18-2.38.6-150400.4.39.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7941
    P
    		libjavascriptcoregtk-4_1-0-2.38.6-150400.4.39.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:51933
    P
    		Security update for cifs-utils (Moderate)
    2022-10-05
    oval:org.opensuse.security:def:749
    P
    		Security update for libyang (Important)
    2022-09-12
    oval:org.opensuse.security:def:6116
    P
    		Security update for webkit2gtk3 (Important) (in QA)
    2022-08-30
    oval:org.opensuse.security:def:95339
    P
    		Security update for libguestfs (Moderate)
    2022-07-28
    oval:org.opensuse.security:def:3650
    P
    		Security update for s390-tools (Important)
    2022-07-25
    oval:org.opensuse.security:def:3401
    P
    		xen-4.12.1_06-1.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3463
    P
    		cups-1.7.5-20.23.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3018
    P
    		augeas-1.10.1-2.6 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3320
    P
    		pam_yubico-2.26-1.25 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94789
    P
    		procmail-3.22-2.34 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95031
    P
    		libjavascriptcoregtk-5_0-0-2.36.0-150400.2.12 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94648
    P
    		libjavascriptcoregtk-4_0-18-2.36.0-150400.2.13 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94575
    P
    		gstreamer-1.20.1-150400.1.5 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94950
    P
    		libjavascriptcoregtk-4_1-0-2.36.0-150400.2.13 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:93115
    P
    		 (Important)
    2021-12-06
    oval:org.opensuse.security:def:100024
    P
    		 (Important)
    2021-12-06
    oval:com.redhat.rhsa:def:20214381
    P
    		RHSA-2021:4381: GNOME security, bug fix, and enhancement update (Moderate)
    2021-11-09
    oval:org.opensuse.security:def:93268
    P
    		 (Important)
    2021-10-25
    oval:org.opensuse.security:def:101502
    P
    		Security update for java-11-openjdk (Important)
    2021-09-03
    oval:org.opensuse.security:def:10316
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:92366
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:8632
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:69516
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:99515
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:9566
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:70456
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:98929
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:92565
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:8818
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:69706
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:99714
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:9765
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:91979
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:99124
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:92764
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:9013
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:69905
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:10130
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:92174
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:99316
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:92962
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:9376
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:70270
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-17
    oval:org.opensuse.security:def:110993
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-09
    oval:org.opensuse.security:def:101288
    P
    		pam-devel-32bit-1.3.0-6.29.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:4144
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:65233
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:89429
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:32159
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:57982
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:85704
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:23945
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:51628
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:101712
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:34496
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:60319
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:88165
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:30227
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:56050
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:83434
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:125578
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:108168
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:74365
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:4208
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:65297
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:32972
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:58795
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:86125
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:26098
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:5085
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:73674
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:64552
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:88479
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:31240
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:57063
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:84187
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:126747
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:108718
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:75948
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:102052
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:5791
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:66880
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:33693
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:59516
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:86623
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:29403
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:55226
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:82610
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:117469
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:111647
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:73861
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:64739
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:89171
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:31661
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:57484
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:84646
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:127144
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:23640
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:76273
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:101480
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:67205
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:33951
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:59774
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:87436
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:30107
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:55930
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:83314
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:117682
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:107954
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:74301
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    BACK
    webkitgtk webkitgtk 2.30.4
    fedoraproject fedora 33
    fedoraproject fedora 34
    debian debian linux 10.0
    apple ipados 14.5
    apple ios 14.5
    ibm cloud pak for security 1.7.2.0