CVE-2021-1844

CVE-2021-1844

Name

CVE-2021-1844

Description

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://support.apple.com/en-us/HT212222
Vendor Advisory	https://support.apple.com/en-us/HT212223
Vendor Advisory	https://support.apple.com/en-us/HT212220
Vendor Advisory	https://support.apple.com/en-us/HT212221
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
Vendor Advisory	https://support.apple.com/kb/HT212323
Mailing List	http://seclists.org/fulldisclosure/2021/Apr/55
DEBIAN	https://www.debian.org/security/2021/dsa-4923

Type

URI

Vendor Advisory

https://support.apple.com/en-us/HT212222

Vendor Advisory

https://support.apple.com/en-us/HT212223

Vendor Advisory

https://support.apple.com/en-us/HT212220

Vendor Advisory

https://support.apple.com/en-us/HT212221

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/

Vendor Advisory

https://support.apple.com/kb/HT212323

Mailing List

http://seclists.org/fulldisclosure/2021/Apr/55

DEBIAN

https://www.debian.org/security/2021/dsa-4923

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:apple:safari::::::::`	safari	>= None	< 14.0.3
`cpe:2.3:o:apple:ipad_os::::::::`	ipad_os	>= None	< 14.4.1
`cpe:2.3:o:apple:iphone_os::::::::`	iphone_os	>= None	< 14.4.1
`cpe:2.3:o:apple:mac_os_x::::::::`	mac_os_x	>= None	< 11.2.3
`cpe:2.3:o:apple:watchos::::::::`	watchos	>= None	< 7.3.2
`cpe:2.3:o:apple:macos::::::::`	macos	>= None	< 11.2.3
`cpe:2.3:o:apple:tvos::::::::`	tvos	>= None	< 14.5

CPE URI

Source package

Min version

Max version

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

safari

>= None

< 14.0.3

cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*

ipad_os

>= None

< 14.4.1

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

iphone_os

>= None

< 14.4.1

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

mac_os_x

>= None

< 11.2.3

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

watchos

>= None

< 7.3.2

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

macos

>= None

< 11.2.3

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

tvos

>= None

< 14.5

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
webkit2gtk	edge-community	2.32.0-r0	Rasmus Thomsen <oss@cogitri.dev>	fixed
webkit2gtk	3.20-community	2.32.0-r0	None	fixed
webkit2gtk	3.19-community	2.32.0-r0	None	fixed
webkit2gtk	3.18-community	2.32.0-r0	None	fixed
webkit2gtk	3.17-community	2.32.0-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

webkit2gtk

edge-community

2.32.0-r0

Rasmus Thomsen <oss@cogitri.dev>

fixed

webkit2gtk

3.20-community