CVE-2021-45482: Use After Free in Webkitgtk

CWE-416: Use After Free | 5 documents | 5 sources
Severity: 6.5 MEDIUM (NVD); 8.8 (OSV)
EPSS: 0.0% (top 92.07%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 25; Latest update Dec 26

Description

In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: webkitgtk/webkitgtk < 2.32.4
debian: debian/wpewebkit < webkit2gtk 2.32.4-1 (bookworm)
debian: debian/webkit2gtk < webkit2gtk 2.32.4-1 (bookworm)

🔴 Vulnerability Details (2)

GHSA
GHSA-73cm-q45j-cwwr: In WebKitGTK before 2 (2021-12-26)
OSV
CVE-2021-45482: In WebKitGTK before 2 (2021-12-25)

📋 Vendor Advisories (2)

Red Hat
webkitgtk: use-after-free in WebCore::ContainerNode::firstChild (2021-12-17)
Debian
CVE-2021-45482: webkit2gtk - In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode:... (2021)