Multiple vulnerabilities in WebKitGTK+ and WPE WebKit



Published: 2021-11-01
Risk High
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2021-42762
CVE-2021-30846
CVE-2021-30848
CVE-2021-30849
CVE-2021-30851
CWE-ID CWE-264
CWE-119
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
WebKitGTK+
Server applications / Frameworks for developing and running applications

WPE WebKit
Server applications / Frameworks for developing and running applications

Vendor WebKitGTK
WPE WebKit

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Security restrictions bypass

EUVDB-ID: #VU57811

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-42762

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists in BubblewrapLauncher.cpp due to application allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox. A local user can abuse the VFS syscalls that manipulate its filesystem namespace and bypass implemented security restrictions. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 2.33.1 - 2.34.0

WPE WebKit: 2.33.1 - 2.34.0


CPE2.3 External links

http://bugs.webkit.org/show_bug.cgi?id=231479
http://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
http://www.openwall.com/lists/oss-security/2021/10/26/9
http://www.openwall.com/lists/oss-security/2021/10/27/1
http://www.openwall.com/lists/oss-security/2021/10/27/2
http://www.openwall.com/lists/oss-security/2021/10/27/4
http://www.debian.org/security/2021/dsa-4996
http://www.debian.org/security/2021/dsa-4995
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5J2LZQTDX53DNSKSGU7TQYCO2HKSTY4/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Memory corruption

EUVDB-ID: #VU56730

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-30846

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

WPE WebKit: 2.33.1 - 2.33.90

WebKitGTK+: 2.33.1 - 2.33.90


CPE2.3 External links

http://webkitgtk.org/security/WSA-2021-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Memory corruption

EUVDB-ID: #VU56731

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-30848

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

WPE WebKit: 2.32.0 - 2.32.3

WebKitGTK+: 2.32.0 - 2.32.3


CPE2.3 External links

http://webkitgtk.org/security/WSA-2021-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Memory corruption

EUVDB-ID: #VU56732

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-30849

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

WPE WebKit: 2.32.0 - 2.32.3

WebKitGTK+: 2.32.0 - 2.32.3


CPE2.3 External links

http://webkitgtk.org/security/WSA-2021-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Memory corruption

EUVDB-ID: #VU56733

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-30851

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

WPE WebKit: 2.33.1 - 2.33.90

WebKitGTK+: 2.33.1 - 2.33.90


CPE2.3 External links

http://webkitgtk.org/security/WSA-2021-0006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###