CVE-2021-30846

Summary

CVE	CVE-2021-30846
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-10-19 14:15:00 UTC
Updated	2023-11-07 03:33:00 UTC
Description	A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Apple	Ipados	All	All	All	All
Operating System	Apple	Iphone Os	All	All	All	All
Operating System	Apple	Macos	All	All	All	All
Application	Apple	Safari	All	All	All	All
Operating System	Apple	Tvos	All	All	All	All
Operating System	Apple	Watchos	All	All	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All

References

Reference	Source	Link	Tags
Full Disclosure: APPLE-SA-2021-10-26-8 Additional information for APPLE-SA-2021-09-20-5 Safari 15	FULLDISC	seclists.org
About the security content of tvOS 15 - Apple Support	MISC	support.apple.com
About the security content of iOS 15 and iPadOS 15 - Apple Support	MISC	support.apple.com
oss-security - Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006	MLIST	www.openwall.com
[SECURITY] Fedora 33 Update: webkit2gtk3-2.34.1-1.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
About the security content of Safari 15 - Apple Support	MISC	support.apple.com
About the security content of watchOS 8 - Apple Support	MISC	support.apple.com
Debian -- Security Information -- DSA-4995-1 webkit2gtk	DEBIAN	www.debian.org
oss-security - WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006	MLIST	www.openwall.com
Full Disclosure: APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15	FULLDISC	seclists.org
[SECURITY] Fedora 34 Update: webkit2gtk3-2.34.1-1.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Full Disclosure: APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8	FULLDISC	seclists.org
Full Disclosure: APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15	FULLDISC	seclists.org
oss-security - Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006	MLIST	www.openwall.com
[SECURITY] Fedora 33 Update: webkit2gtk3-2.34.1-1.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
oss-security - Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006	MLIST	www.openwall.com
About the security content of macOS Monterey 12.0.1 - Apple Support	CONFIRM	support.apple.com
About the security content of iOS 14.8 and iPadOS 14.8 - Apple Support	MISC	support.apple.com
Debian -- Security Information -- DSA-4996-1 wpewebkit	DEBIAN	www.debian.org
[SECURITY] Fedora 34 Update: webkit2gtk3-2.34.1-1.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159799 Oracle Enterprise Linux Security Update for webkit2gtk3 (ELSA-2022-1777)
178857 Debian Security Update for webkit2gtk (DSA 4995-1)
178858 Debian Security Update for wpewebkit (DSA 4996-1)
183693 Debian Security Update for webkit2gtkwpewebkit (CVE-2021-30846)
198555 Ubuntu Security Notification for WebKitGTK Vulnerabilities (USN-5127-1)
240305 Red Hat Update for webkit2gtk3 security (RHSA-2022:1777)
282041 Fedora Security Update for webkit2gtk3 (FEDORA-2021-483d896d1d)
282042 Fedora Security Update for webkit2gtk3 (FEDORA-2021-131360fa9a)
296061 Oracle Solaris 11.4 Support Repository Update (SRU) 42.113.1 Missing (CPUJAN2022)
354436 Amazon Linux Security Advisory for webkit2gtk3 : ALAS2022-2022-015
355438 Amazon Linux Security Advisory for webkitgtk4 : ALAS2-2023-2088
375878 Apple Safari Multiple Vulnerabilities (HT212816)
502198 Alpine Linux Security Update for webkit2gtk
502395 Alpine Linux Security Update for webkit2gtk
505523 Alpine Linux Security Update for webkit2gtk
610370 Apple iOS 15 and iPadOS 15 Security Update Missing
710570 Gentoo Linux WebkitGTK+ Multiple Vulnerabilities (GLSA 202202-01)
751392 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2021:3769-1)
751418 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2021:3861-1)
751440 OpenSUSE Security Update for webkit2gtk3 (openSUSE-SU-2021:3874-1)
751521 OpenSUSE Security Update for webkit2gtk3 (openSUSE-SU-2021:1557-1)
751623 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:0142-1)
751646 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:0183-1)
751648 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:0182-1)
751659 OpenSUSE Security Update for webkit2gtk3 (openSUSE-SU-2022:0182-1)
751755 OpenSUSE Security Update for webkit2gtk3 (openSUSE-SU-2022:0182-2)
940505 AlmaLinux Security Update for webkit2gtk3 (ALSA-2022:1777)