CVE-2021-1817
Published 2021-09-08
Priority P351 · high · 8.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.84% (76.4th percentile)
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_14.5_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 14.5 | 14.5 |
| apple | ipados | < 14.5 | 14.5 |
| apple | iphone_os | < 14.5 | 14.5 |
| apple | macos | >= 11.0 < 11.3 | 11.3 |
| apple | macos | >= unspecified < 11.3 | 11.3 |
| apple | macos_big_sur | — | — |
| apple | tvos | < 14.5 | 14.5 |
| apple | tvos | >= unspecified < 14.5 | 14.5 |
| apple | watchos | < 7.4 | 7.4 |
| apple | watchos | >= unspecified < 7.4 | 7.4 |
| debian | webkit2gtk | < webkit2gtk 2.30.1-1 (bookworm) | webkit2gtk 2.30.1-1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.30.1-1 (bookworm) | webkit2gtk 2.30.1-1 (bookworm) |
| chrome_chrome | — | — |
CVSS provenance
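| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |
| vendor_redhat | — | 8.8 | HIGH | — |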
GHSA
GHSA-wm9j-fw55-hv9g: A memory corruption issue was addressed with improved state management
ghsa_unreviewed·2022-05-24
CVE-2021-1817 [HIGH] CWE-787 GHSA-wm9j-fw55-hv9g: A memory corruption issue was addressed with improved state management
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.
OSV
CVE-2021-1817: A memory corruption issue was addressed with improved state management
osv·2021-09-08·CVSS 8.8
CVE-2021-1817 [HIGH] CVE-2021-1817: A memory corruption issue was addressed with improved state management
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.
Chrome
Stable Channel Update for Desktop: CVE-2023-1815
vendor_chrome·2023-04-04·CVSS 8.8
CVE-2023-1815 [MEDIUM] Stable Channel Update for Desktop: CVE-2023-1815
Stable Channel Update for Desktop
CVE-2023-1815: Use after free in Networking APIs. Reported by DDV_UA on 2021-12-10
[$1000][1413919] Medium CVE-2023-1816: Incorrect security UI in Picture In Picture. Reported by NDevTK on 2023-02-08
[$1000][1418061] Medium CVE-2023-1817: Insufficient policy enforcement in Intents
Severity: medium
Red Hat
webkitgtk: Memory corruption leading to arbitrary code execution
vendor_redhat·2021-07-28·CVSS 8.8
CVE-2021-1817 [HIGH] CWE-20 webkitgtk: Memory corruption leading to arbitrary code execution
webkitgtk: Memory corruption leading to arbitrary code execution
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Out of support scope
Package: webkitgtk3 (Red Hat Enterprise Linux 7) - Out of support scope
Package: webkit2gtk3 (Red Hat Enterprise Linux 9) - Not affected
Apple
CVE-2021-1817: iOS 14.5 and iPadOS 14.5
vendor_apple·2021-04-26·CVSS 8.8
CVE-2021-1817 [HIGH] CVE-2021-1817: iOS 14.5 and iPadOS 14.5
Apple Security Update: About the security content of iOS 14.5 and iPadOS 14.5
Product: iOS 14.5 and iPadOS
Version: 14.5
CVE: CVE-2021-1817
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
Apple
CVE-2021-1817: macOS Big Sur 11.3
vendor_apple·2021-04-26·CVSS 8.8
CVE-2021-1817 [HIGH] CVE-2021-1817: macOS Big Sur 11.3
Apple Security Update: About the security content of macOS Big Sur 11.3
Product: macOS Big Sur
Version: 11.3
CVE: CVE-2021-1817
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
Debian
CVE-2021-1817: webkit2gtk - A memory corruption issue was addressed with improved state management. This iss...
vendor_debian·2021·CVSS 8.8
CVE-2021-1817 [HIGH] CVE-2021-1817: webkit2gtk - A memory corruption issue was addressed with improved state management. This iss...
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.
Scope: local
bookworm: resolved (fixed in 2.30.1-1)
bullseye: resolved (fixed in 2.30.1-1)
forky: resolved (fixed in 2.30.1-1)
sid: resolved (fixed in 2.30.1-1)
trixie: resolved (fixed in 2.30.1-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://support.apple.com/en-us/HT212317
https://support.apple.com/en-us/HT212323
https://support.apple.com/en-us/HT212324
https://support.apple.com/en-us/HT212325
Published: 2021-09-08