{ "threat_severity" : "Moderate", "public_date" : "2021-12-20T00:00:00Z", "bugzilla" : { "description" : "webkitgtk: Use-after-free leading to arbitrary code execution", "id" : "2034347", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2034347" }, "cvss3" : { "cvss3_base_score" : "8.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-416", "details" : [ "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution.", "A use-after-free flaw was found in WebKitGTK. Specially crafted web content could use this flaw to trigger an arbitrary code execution when processed." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10364", "cpe" : "cpe:/o:redhat:rhel_els:7", "package" : "webkitgtk4-0:2.48.3-2.el7_9" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-05-10T00:00:00Z", "advisory" : "RHSA-2022:1777", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "webkit2gtk3-0:2.34.6-1.el8" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "webkitgtk", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "webkitgtk3", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "webkit2gtk3", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-30809\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-30809" ], "name" : "CVE-2021-30809", "csaw" : false }