{"containers": {"cna": {"affected": [{"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "11.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "14.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "7.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "14.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution."}], "problemTypes": [{"descriptions": [{"description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-30T23:06:11", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212220"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212221"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212222"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212223"}, {"name": "FEDORA-2021-864dc37032", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT212323"}, {"name": "20210427 APPLE-SA-2021-04-26-6 tvOS 14.5", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Apr/55"}, {"name": "DSA-4923", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4923"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2021-1844", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "11.2"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "14.4"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "7.3"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "14.0"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Processing maliciously crafted web content may lead to arbitrary code execution"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT212220", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212220"}, {"name": "https://support.apple.com/en-us/HT212221", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212221"}, {"name": "https://support.apple.com/en-us/HT212222", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212222"}, {"name": "https://support.apple.com/en-us/HT212223", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212223"}, {"name": "FEDORA-2021-864dc37032", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"}, {"name": "https://support.apple.com/kb/HT212323", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212323"}, {"name": "20210427 APPLE-SA-2021-04-26-6 tvOS 14.5", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Apr/55"}, {"name": "DSA-4923", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4923"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:25:05.830Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT212220"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT212221"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT212222"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT212223"}, {"name": "FEDORA-2021-864dc37032", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT212323"}, {"name": "20210427 APPLE-SA-2021-04-26-6 tvOS 14.5", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Apr/55"}, {"name": "DSA-4923", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4923"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2021-1844", "datePublished": "2021-04-02T18:07:12", "dateReserved": "2020-12-08T00:00:00", "dateUpdated": "2024-08-03T16:25:05.830Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "B785B3FD-A576-4AF5-8500-D1D08D0F4910", "versionEndExcluding": "14.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "86ABF921-40E8-4E64-A660-FD701FF3A28B", "versionEndExcluding": "14.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "178AE56C-9561-4750-9956-7CCC4E9F0590", "versionEndExcluding": "14.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "C186CD0A-4A01-481B-A2C4-0B1662BB79BB", "versionEndExcluding": "11.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5B77841-F161-47AB-8043-3E0346E3AA25", "versionEndExcluding": "14.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E57CE62-4568-4B9C-ADC1-E9E03FAF8998", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution."}, {"lang": "es", "value": "Se abord\u00f3 un problema de corrupci\u00f3n de memoria con una comprobaci\u00f3n mejorada.&#xa0;Este problema es corregido en iOS versi\u00f3n 14.4.1 y iPadOS versi\u00f3n 14.4.1, Safari versi\u00f3n 14.0.3 (versiones v.14610.4.3.1.7 y 15610.4.3.1.7), watchOS versi\u00f3n 7.3.2, macOS Big Sur versi\u00f3n 11.2.3.&#xa0;El procesamiento de contenido web dise\u00f1ado malicioso puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria."}], "id": "CVE-2021-1844", "lastModified": "2023-11-07T03:28:52.127", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-02T19:15:20.477", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Apr/55"}, {"source": "product-security@apple.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT212220"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT212221"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT212222"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT212223"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT212323"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4923"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:4381", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.32.3-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: Memory corruption issue leading to arbitrary code execution", "id": "1944862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944862"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-119", "details": ["A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.", "A memory corruption issue was found in WebKitGTK and WPE WebKit in versions prior to 2.32.0. Processing maliciously crafted web content may lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2021-1844", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk4", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "webkit2gtk3", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-03-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-1844\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-1844\nhttps://webkitgtk.org/security/WSA-2021-0003.html"], "threat_severity": "Moderate", "upstream_fix": "webkitgtk 2.32.0"}