Bug 1188294 - (CVE-2021-21806) VUL-0: CVE-2021-21806: webkit2gtk3: fireEventListeners use-after-free vulnerability
Status: RESOLVED DUPLICATE of bug 1188697
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
unspecified
Other Other
Priority: P3 - Medium, Severity: Major
Assigned To: Security Team bot
https://smash.suse.de/issue/303970/
Reported: 2021-07-14 06:45 UTC by Alexander Bergmann
Modified: 2021-07-26 10:12 UTC
Found By: Security Response Team


Description Alexander Bergmann 2021-07-14 06:45:45 UTC
CVE-2021-21806

An exploitable use-after-free vulnerability exists in WebKitGTK browser version
2.30.3 x64. A specially crafted HTML web page can cause a use-after-free
condition, resulting in remote code execution. The victim needs to visit a
malicious web site to trigger the vulnerability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21806
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214
Comment 1 Alexander Bergmann 2021-07-14 06:48:00 UTC
There is currently no security advisory at WebKitGTK mentioning this issue.

https://webkitgtk.org/security.html

It is unclear which version fixes this issue.
Comment 2 Robert Frohl 2021-07-26 10:12:06 UTC
closing as duplicate in favor of bsc#1188697

*** This bug has been marked as a duplicate of bug 1188697 ***