PT-2020-6243 · Apple+7 · Webkitgtk+7

Icewall

Published

2020-12-10

Updated

2024-06-15

CVE-2021-21806

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WebKitGTK version 2.30.3

Description A use-after-free vulnerability exists in the WebKitGTK browser, allowing remote code execution when a victim visits a malicious web site. The issue is triggered by a specially crafted HTML web page, causing a use-after-free condition.

Recommendations For WebKitGTK version 2.30.3, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to potentially malicious web sites to minimize the risk of exploitation.

Exploit

Fix

RCE

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2021:4381

ALT-PU-2020-3512

BDU:2021-03689

CESA-2021_4381

CVE-2021-21806

DSA-4877-1

OPENSUSE-SU-2021:1369-1

OPENSUSE-SU-2021:3353-1

OPENSUSE-SU-2021_1369-1

OPENSUSE-SU-2021_3353-1

OPENSUSE-SU-2024:11506-1

RHSA-2021:4381

RHSA-2021_4381

RHSA-2025:10364

RLSA-2021:4381

SUSE-SU-2021:3282-1

SUSE-SU-2021:3296-1

SUSE-SU-2021:3353-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Red Hat

Rocky Linux

Suse

Webkitgtk

PT-2020-6243 · Apple+7 · Webkitgtk+7

CVE-2021-21806

Weakness Enumeration

Related Identifiers

Affected Products

References · 261