Red Hat: RHSA-2021:4686
Nov 16, 2021 - 7:41 a.m.

(RHSA-2021:4686) Moderate: webkit2gtk3 security update

2021-11-16 07:41:20
CWE-416
access.redhat.com
Tags: webkitgtk, gtk platform, use-after-free, arbitrary code execution, cve-2021-30858, security update

CVSS2: 6.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 8.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.007
Percentile: 80.8%

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30858)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected configurations

Vulners Node
  redhat  webkitgtk4        Range ≤ 2.28.2-3.el7
  OR
  redhat  webkit2gtk3       Range ≤ 2.30.4-3.el8_4
  OR
  redhat  webkit2gtk3-0     Range ≤ 2.24.4-4.el8_1
  OR
  redhat  webkit2gtk3-0     Range ≤ 2.24.4-4.el8_2
  AND
  redhat  enterprise_linux  Match 7
  OR
  redhat  enterprise_linux  Match 8

Vendor  Product           Version  CPE
redhat  webkitgtk4        *        cpe:2.3:a:redhat:webkitgtk4:*:*:*:*:*:*:*:*
redhat  webkit2gtk3       *        cpe:2.3:a:redhat:webkit2gtk3:*:*:*:*:*:*:*:*
redhat  webkit2gtk3-0     *        cpe:2.3:a:redhat:webkit2gtk3-0:*:*:*:*:*:*:*:*
redhat  enterprise_linux  7        cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
redhat  enterprise_linux  8        cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
