Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-21806

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.

Related bugs and status

CVE-2021-21806 (Candidate) is related to these bugs:

Bug #1970779: Upgrade to 2.36.7 for Focal and Jammy

		In	Importance	Status
1970779	Upgrade to 2.36.7 for Focal and Jammy	wpewebkit (Ubuntu)	Medium	Incomplete
1970779	Upgrade to 2.36.7 for Focal and Jammy	wpewebkit (Ubuntu Jammy)	Undecided	Confirmed
1970779	Upgrade to 2.36.7 for Focal and Jammy	wpewebkit (Ubuntu Focal)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MISC: https://talosintellige...
MLIST: [oss-security] 2021072...