CVE-2021-21806

CVE Details

Release Date:	2021-07-08
Impact:	None	What is this?

Description

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.

See more information about CVE-2021-21806 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	8.8
Vector String:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version:	3.0
Attack Vector:	Network
Attack Complexity:	Low
Privileges Required:	None
User Interaction:	Required
Scope:	Unchanged
Confidentiality Impact:	High
Integrity Impact:	High
Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 8 (LibRaw)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (accountsservice)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gdm)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-autoar)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-calculator)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-control-center)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-online-accounts)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-session)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-settings-daemon)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-shell)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-shell-extensions)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-software)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gsettings-desktop-schemas)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gtk3)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (mutter)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (vino)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (webkit2gtk3)	ELSA-2021-4381	2021-11-16