Details of VAR-202108-2172

ID

VAR-202108-2172

CVE

CVE-2021-30858

TITLE

Apple macOS Big Sur Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202108-1951

DESCRIPTION

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. For the oldstable distribution (buster), this problem has been fixed in version 2.32.4-1~deb10u1. For the stable distribution (bullseye), this problem has been fixed in version 2.32.4-1~deb11u1. We recommend that you upgrade your webkit2gtk packages. ========================================================================== Ubuntu Security Notice USN-5087-1 September 22, 2021 webkit2gtk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in WebKitGTK. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: libjavascriptcoregtk-4.0-18 2.32.4-0ubuntu0.21.04.1 libwebkit2gtk-4.0-37 2.32.4-0ubuntu0.21.04.1 Ubuntu 20.04 LTS: libjavascriptcoregtk-4.0-18 2.32.4-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 2.32.4-0ubuntu0.20.04.1 Ubuntu 18.04 LTS: libjavascriptcoregtk-4.0-18 2.32.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 2.32.4-0ubuntu0.18.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-09-23-1 iOS 12.5.5 iOS 12.5.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212824. CoreGraphics Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Description: An integer overflow was addressed with improved input validation. CVE-2021-30860: The Citizen Lab WebKit Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-30858: an anonymous researcher XNU Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges. CVE-2021-30869: Erye Hernandez of Google Threat Analysis Group, Clément Lecigne of Google Threat Analysis Group, and Ian Beer of Google Project Zero Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About * The version after applying this update will be "12.5.5" Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFMwTMACgkQeC9qKD1p rhgcXBAAyiXSTr7W8qmZJBjvLtLCHgFktFKHCjlufFKhQprFBUTWFgvYbqKLBg5w WHR9AqL+QUDtyybsf/STlITmcy7FtOlr1Ru/B9tVR/BKAS/8e2ngOVKcY2ska7Pb SuPsiyc9UI1VdxDZBkVfbTbDj3YMKOrK1ORK4UMDISU6bAbwMqFpriV9vCijk2Xh F7PFFlt9NwknUcuEEm7wT//hyLgZFx6mefFxTuBqKaHbHgCoAB6SJrCCHP2kU9rY +6IVq0xLEzEG5NNw/rQ/Xq0HVoNQiprQSCsSlwSgvuj/F9IdIcT+n0rdevK5wpIJ wlvKq0WG0Zumeq/vkpKtfB07nlsHmMOGldyRlGKd6xKcX3hM5Z3uFAvHQl6GByFx ALTfA7xcHKCNH6TBaAeAJIFOzDLDYghp4vsIEgnj1cZwc8IVQ0bAAgRgoQOXgwic 2IS9la1JmxG8/AzAWp9rSRMdQG8AvSaJFCS8sLjaprwC4d6MVESkJiJwEodx/x/g 6x4U1mP31UJARdlGDW3IZL7vbVr06Tv4fsF6sVxrtoDL8nDYp+bD0Qz67J9M0thx 08Ua7+lBw/sXIRhZMLJL5yxSQUPUBUIbWtWzZneDZWripUnL3WV3+mph68N6KnDz ORv11TKhITXpDkKV9VhMnBBAGw9oipBapqhNup6dYwpdPp4+M5g= =mQdQ -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: webkit2gtk3 security update Advisory ID: RHSA-2021:4686-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4686 Issue date: 2021-11-16 CVE Names: CVE-2021-30858 ===================================================================== 1. Summary: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30858) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.1): Source: webkit2gtk3-2.24.4-4.el8_1.src.rpm aarch64: webkit2gtk3-2.24.4-4.el8_1.aarch64.rpm webkit2gtk3-debuginfo-2.24.4-4.el8_1.aarch64.rpm webkit2gtk3-debugsource-2.24.4-4.el8_1.aarch64.rpm webkit2gtk3-devel-debuginfo-2.24.4-4.el8_1.aarch64.rpm webkit2gtk3-jsc-2.24.4-4.el8_1.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.24.4-4.el8_1.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.24.4-4.el8_1.aarch64.rpm webkit2gtk3-plugin-process-gtk2-2.24.4-4.el8_1.aarch64.rpm webkit2gtk3-plugin-process-gtk2-debuginfo-2.24.4-4.el8_1.aarch64.rpm ppc64le: webkit2gtk3-2.24.4-4.el8_1.ppc64le.rpm webkit2gtk3-debuginfo-2.24.4-4.el8_1.ppc64le.rpm webkit2gtk3-debugsource-2.24.4-4.el8_1.ppc64le.rpm webkit2gtk3-devel-2.24.4-4.el8_1.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.24.4-4.el8_1.ppc64le.rpm webkit2gtk3-jsc-2.24.4-4.el8_1.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.24.4-4.el8_1.ppc64le.rpm webkit2gtk3-jsc-devel-2.24.4-4.el8_1.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.24.4-4.el8_1.ppc64le.rpm webkit2gtk3-plugin-process-gtk2-2.24.4-4.el8_1.ppc64le.rpm webkit2gtk3-plugin-process-gtk2-debuginfo-2.24.4-4.el8_1.ppc64le.rpm s390x: webkit2gtk3-2.24.4-4.el8_1.s390x.rpm webkit2gtk3-debuginfo-2.24.4-4.el8_1.s390x.rpm webkit2gtk3-debugsource-2.24.4-4.el8_1.s390x.rpm webkit2gtk3-devel-debuginfo-2.24.4-4.el8_1.s390x.rpm webkit2gtk3-jsc-2.24.4-4.el8_1.s390x.rpm webkit2gtk3-jsc-debuginfo-2.24.4-4.el8_1.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.24.4-4.el8_1.s390x.rpm webkit2gtk3-plugin-process-gtk2-2.24.4-4.el8_1.s390x.rpm webkit2gtk3-plugin-process-gtk2-debuginfo-2.24.4-4.el8_1.s390x.rpm x86_64: webkit2gtk3-2.24.4-4.el8_1.i686.rpm webkit2gtk3-2.24.4-4.el8_1.x86_64.rpm webkit2gtk3-debuginfo-2.24.4-4.el8_1.i686.rpm webkit2gtk3-debuginfo-2.24.4-4.el8_1.x86_64.rpm webkit2gtk3-debugsource-2.24.4-4.el8_1.i686.rpm webkit2gtk3-debugsource-2.24.4-4.el8_1.x86_64.rpm webkit2gtk3-devel-2.24.4-4.el8_1.i686.rpm webkit2gtk3-devel-2.24.4-4.el8_1.x86_64.rpm webkit2gtk3-devel-debuginfo-2.24.4-4.el8_1.i686.rpm webkit2gtk3-devel-debuginfo-2.24.4-4.el8_1.x86_64.rpm webkit2gtk3-jsc-2.24.4-4.el8_1.i686.rpm webkit2gtk3-jsc-2.24.4-4.el8_1.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.24.4-4.el8_1.i686.rpm webkit2gtk3-jsc-debuginfo-2.24.4-4.el8_1.x86_64.rpm webkit2gtk3-jsc-devel-2.24.4-4.el8_1.i686.rpm webkit2gtk3-jsc-devel-2.24.4-4.el8_1.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.24.4-4.el8_1.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.24.4-4.el8_1.x86_64.rpm webkit2gtk3-plugin-process-gtk2-2.24.4-4.el8_1.i686.rpm webkit2gtk3-plugin-process-gtk2-2.24.4-4.el8_1.x86_64.rpm webkit2gtk3-plugin-process-gtk2-debuginfo-2.24.4-4.el8_1.i686.rpm webkit2gtk3-plugin-process-gtk2-debuginfo-2.24.4-4.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-30858 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYZO5ctzjgjWX9erEAQhJ+xAAj1d/Mwsit142j1c3uKa/qKMLvgEiZoJk lrfsrDTjMH6tduT5vj956Povv43dU1MFfODJLCvelRhy3a+cWdjXJ+YjPAWOllCm 4r37sWQLN8GjutMKIKR59snwJKGZoM5q26D1UTNgpXh1j41dPuASQGJWMOL+velF wK+hYKOOcYJ5R6eX2IHSmqsEpP6yjUpCKs5LAxk9faDDWDh056zUwkMpYcZ6OyQ7 KHc+Kyja967+54Ts5fUwvb73rnqjfpKFZNhYy91lQxh6Isp370KcevrLq5fABaRy s6QQNWaS6V+bHV9yCOlvD7j5Q++Dg/xPy9H3/h7n5S9Ue56bTy/KE48qSOpqZ7I3 7ME6bfvuukRAb5G7KhKtNh2+zTKqeUhB4IGPDneh0RpiIwNCF2Qap83eAJ3k+TmC nlE8Zn9HuCCNFgCBGL5+EYgQDb/9SQ5YJl0BlsNVd/mvYmhkOmOkT4zb71Ykruws bl4/9Oz3dbKeRcTkqX6zRGnVChnaDHOG/rsnSvTn+V9T4gcQsiAEOlWdfijH/+EU Di3w/7AdhWYQCQYi7wj3P6xHOf5E3VKEG9Cf1SBcmcgMZ21st3nR7bP7TqyUTHfZ FDlBQ5N2ZbAX1S2+GNR4+yUTHv3Q98om+wRDbsurUVyBk+ZphArD0KATtrKeWKLU biz3TtZHTCE= =mmU0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.8

sources: NVD: CVE-2021-30858 // VULHUB: VHN-390591 // VULMON: CVE-2021-30858 // PACKETSTORM: 169117 // PACKETSTORM: 169119 // PACKETSTORM: 164262 // PACKETSTORM: 164201 // PACKETSTORM: 164196 // PACKETSTORM: 164277 // PACKETSTORM: 164982 // PACKETSTORM: 165524

AFFECTED PRODUCTS

vendor:	apple	model:	ipados	scope:	gte	version:	13.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	14.8	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	12.5.5	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	33	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	gte	version:	13.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.6	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	14.8	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0

sources: NVD: CVE-2021-30858

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-30858
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2021-30858
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202108-1951
value:	HIGH
Trust: 0.6
VULHUB:	VHN-390591
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-30858
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-30858
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-390591
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-30858
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-390591 // VULMON: CVE-2021-30858 // CNNVD: CNNVD-202108-1951 // NVD: CVE-2021-30858 // NVD: CVE-2021-30858

PROBLEMTYPE DATA

problemtype:

CWE-416

Trust: 1.1

sources: VULHUB: VHN-390591 // NVD: CVE-2021-30858

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 164262 // CNNVD: CNNVD-202108-1951

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202108-1951

PATCH

title:	Apple macOS Big Sur Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=162838	Trust: 0.6
title:	Debian Security Advisories: DSA-4975-1 webkit2gtk -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5db54186925e9bf1d208a2b11e299b67	Trust: 0.1
title:	Debian Security Advisories: DSA-4976-1 wpewebkit -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5da73458bc4c1bfc6b9037e64c70793c	Trust: 0.1
title:	Red Hat: CVE-2021-30858	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-30858	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1747	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1747	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-30858 log	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-015	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-015	Trust: 0.1
title:	CVE-202130858 (Intended for testing on an Apple iOS device or a Sony Playstation 4 of any flavor)	url:	https://github.com/FitTerminator/CVE-202130858	Trust: 0.1
title:	CVEREV3	url:	https://github.com/KameleonReloaded/CVEREV3	Trust: 0.1
title:	CVE-202130858 (Intended for testing on an Apple iOS device or a Sony Playstation 4 of any flavor)	url:	https://github.com/FitTerminator/PS4-CVE-202130858	Trust: 0.1
title:	PS4CVE202130858	url:	https://github.com/Nazky/PS4CVE202130858	Trust: 0.1
title:	https://github.com/ChendoChap/PS5-Webkit-Execution	url:	https://github.com/ChendoChap/PS5-Webkit-Execution	Trust: 0.1
title:	NIST Bulk CVE Lookup by Jay Chen Sample output	url:	https://github.com/jaychen2/NIST-BULK-CVE-Lookup	Trust: 0.1
title:	Known Exploited Vulnerabilities Detector	url:	https://github.com/Ostorlab/KEV	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/apple-patches-zero-days-attack/174988/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2021/09/13/apple_ios_macos_security_fixes/	Trust: 0.1

sources: VULMON: CVE-2021-30858 // CNNVD: CNNVD-202108-1951

EXTERNAL IDS

db:	NVD	id:	CVE-2021-30858	Trust: 2.6
db:	OPENWALL	id:	OSS-SECURITY/2021/09/20/1	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2021/10/27/4	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2021/10/27/2	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2021/10/26/9	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2021/10/27/1	Trust: 1.8
db:	PACKETSTORM	id:	165524	Trust: 0.8
db:	PACKETSTORM	id:	164982	Trust: 0.8
db:	PACKETSTORM	id:	164748	Trust: 0.7
db:	PACKETSTORM	id:	164262	Trust: 0.7
db:	PACKETSTORM	id:	164201	Trust: 0.7
db:	PACKETSTORM	id:	164277	Trust: 0.7
db:	CS-HELP	id:	SB2021092018	Trust: 0.6
db:	CS-HELP	id:	SB2022011153	Trust: 0.6
db:	CS-HELP	id:	SB2021111716	Trust: 0.6
db:	CS-HELP	id:	SB2021092803	Trust: 0.6
db:	CS-HELP	id:	SB2022011401	Trust: 0.6
db:	CS-HELP	id:	SB2021091322	Trust: 0.6
db:	CS-HELP	id:	SB2021092317	Trust: 0.6
db:	CS-HELP	id:	SB2021110314	Trust: 0.6
db:	CS-HELP	id:	SB2021100415	Trust: 0.6
db:	PACKETSTORM	id:	164242	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3103	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3333	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3161	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3400	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3654	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3212	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0100	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3914	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3198	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0382	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-1951	Trust: 0.6
db:	PACKETSTORM	id:	165517	Trust: 0.1
db:	VULHUB	id:	VHN-390591	Trust: 0.1
db:	VULMON	id:	CVE-2021-30858	Trust: 0.1
db:	PACKETSTORM	id:	169117	Trust: 0.1
db:	PACKETSTORM	id:	169119	Trust: 0.1
db:	PACKETSTORM	id:	164196	Trust: 0.1

sources: VULHUB: VHN-390591 // VULMON: CVE-2021-30858 // PACKETSTORM: 169117 // PACKETSTORM: 169119 // PACKETSTORM: 164262 // PACKETSTORM: 164201 // PACKETSTORM: 164196 // PACKETSTORM: 164277 // PACKETSTORM: 164982 // PACKETSTORM: 165524 // CNNVD: CNNVD-202108-1951 // NVD: CVE-2021-30858

REFERENCES

url:	https://support.apple.com/en-us/ht212804	Trust: 2.4
url:	https://www.debian.org/security/2021/dsa-4975	Trust: 1.9
url:	https://support.apple.com/en-us/ht212807	Trust: 1.9
url:	https://support.apple.com/kb/ht212824	Trust: 1.8
url:	https://www.debian.org/security/2021/dsa-4976	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2021/sep/25	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2021/sep/27	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2021/sep/29	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2021/sep/38	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2021/sep/39	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2021/sep/50	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2021/09/20/1	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2021/10/26/9	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2021/10/27/1	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2021/10/27/2	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2021/10/27/4	Trust: 1.8
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bo6dmthzr57jdboxpsnr2mkdmcrwv265/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xynv7ask4lqvaumjxnxbs3z7rvdq2n3w/	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30858	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2021-30858	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bo6dmthzr57jdboxpsnr2mkdmcrwv265/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xynv7ask4lqvaumjxnxbs3z7rvdq2n3w/	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/esb-2022.0100	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0382	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021111716	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021091322	Trust: 0.6
url:	https://vigilance.fr/vulnerability/webkitgtk-wpe-webkit-multiple-vulnerabilities-36750	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022011401	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3198	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3654	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-two-vulnerabilities-36384	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092803	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3212	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3333	Trust: 0.6
url:	https://packetstormsecurity.com/files/164242/apple-security-advisory-2021-09-20-6.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/164262/ubuntu-security-notice-usn-5087-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/164277/apple-security-advisory-2021-09-23-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/164982/red-hat-security-advisory-2021-4686-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3914	Trust: 0.6
url:	https://packetstormsecurity.com/files/164201/apple-security-advisory-2021-09-13-5.html	Trust: 0.6
url:	https://support.apple.com/en-us/ht212824	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021110314	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092317	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092018	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021100415	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3103	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3400	Trust: 0.6
url:	https://packetstormsecurity.com/files/164748/red-hat-security-advisory-2021-4097-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022011153	Trust: 0.6
url:	https://packetstormsecurity.com/files/165524/red-hat-security-advisory-2022-0075-03.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3161	Trust: 0.6
url:	https://support.apple.com/kb/ht201222	Trust: 0.3
url:	https://www.apple.com/support/security/pgp/	Trust: 0.3
url:	https://www.debian.org/security/faq	Trust: 0.2
url:	https://www.debian.org/security/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30860	Trust: 0.2
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/416.html	Trust: 0.1
url:	https://github.com/fitterminator/cve-202130858	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://alas.aws.amazon.com/al2/alas-2022-1747.html	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/wpewebkit	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/webkit2gtk	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5087-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/webkit2gtk/2.32.4-0ubuntu0.18.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/webkit2gtk/2.32.4-0ubuntu0.21.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/webkit2gtk/2.32.4-0ubuntu0.20.04.1	Trust: 0.1
url:	https://support.apple.com/ht212808.	Trust: 0.1
url:	https://support.apple.com/ht212804.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30869	Trust: 0.1
url:	https://www.apple.com/itunes/	Trust: 0.1
url:	https://support.apple.com/ht212824.	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:4686	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0075	Trust: 0.1

CREDITS

Apple

Trust: 0.3

sources: PACKETSTORM: 164201 // PACKETSTORM: 164196 // PACKETSTORM: 164277

SOURCES

db:	VULHUB	id:	VHN-390591
db:	VULMON	id:	CVE-2021-30858
db:	PACKETSTORM	id:	169117
db:	PACKETSTORM	id:	169119
db:	PACKETSTORM	id:	164262
db:	PACKETSTORM	id:	164201
db:	PACKETSTORM	id:	164196
db:	PACKETSTORM	id:	164277
db:	PACKETSTORM	id:	164982
db:	PACKETSTORM	id:	165524
db:	CNNVD	id:	CNNVD-202108-1951
db:	NVD	id:	CVE-2021-30858

LAST UPDATE DATE

2025-05-17T20:27:38.549000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-390591	date:	2021-12-03T00:00:00
db:	VULMON	id:	CVE-2021-30858	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-202108-1951	date:	2022-01-28T00:00:00
db:	NVD	id:	CVE-2021-30858	date:	2025-04-02T16:58:58.170

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-390591	date:	2021-08-24T00:00:00
db:	VULMON	id:	CVE-2021-30858	date:	2021-08-24T00:00:00
db:	PACKETSTORM	id:	169117	date:	2021-09-28T19:12:00
db:	PACKETSTORM	id:	169119	date:	2021-09-28T19:12:00
db:	PACKETSTORM	id:	164262	date:	2021-09-23T15:31:26
db:	PACKETSTORM	id:	164201	date:	2021-09-20T16:03:26
db:	PACKETSTORM	id:	164196	date:	2021-09-19T14:22:22
db:	PACKETSTORM	id:	164277	date:	2021-09-24T15:40:03
db:	PACKETSTORM	id:	164982	date:	2021-11-16T15:35:40
db:	PACKETSTORM	id:	165524	date:	2022-01-12T15:38:19
db:	CNNVD	id:	CNNVD-202108-1951	date:	2021-08-24T00:00:00
db:	NVD	id:	CVE-2021-30858	date:	2021-08-24T19:15:14.253