CVE-2021-1844

Name
CVE-2021-1844
Description
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://support.apple.com/en-us/HT212222
Vendor Advisory https://support.apple.com/en-us/HT212223
Vendor Advisory https://support.apple.com/en-us/HT212220
Vendor Advisory https://support.apple.com/en-us/HT212221
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
Vendor Advisory https://support.apple.com/kb/HT212323
Mailing List http://seclists.org/fulldisclosure/2021/Apr/55
DEBIAN https://www.debian.org/security/2021/dsa-4923

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* safari >= None < 14.0.3
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* ipad_os >= None < 14.4.1
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* iphone_os >= None < 14.4.1
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* mac_os_x >= None < 11.2.3
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* watchos >= None < 7.3.2
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* macos >= None < 11.2.3
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* tvos >= None < 14.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
webkit2gtk 3.13-community 2.32.0-r0 Rasmus Thomsen <oss@cogitri.dev> fixed