VIR Vulnerability Intelligence Relay

CVE-2021-30799

medium
Published 2021-11-09 ยท Modified 2021-11-09
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
5.5

Description

RHSA-2021:4381: GNOME security, bug fix, and enhancement update (Moderate)

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata โ€” Red Hat Inc. ยท View original โ†— ยท Open-Errata-API

Description webkitgtk: Memory corruptions leading to arbitrary code execution CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 7 Extended Lifecycle Supportwebkitgtk4-0:2.48.3-2.el7_9RHSA-2025:103642025-07-07T00:00:00Z Red Hat Enterprise Linux 8webkit2gtk3-0:2.32.3-2.el8RHSA-2021:43812021-11-09T00:00:00Zโ€ฆ

Description

webkitgtk: Memory corruptions leading to arbitrary code execution

CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Errata / fixed releases

ProductPackageAdvisoryReleased
Red Hat Enterprise Linux 7 Extended Lifecycle Supportwebkitgtk4-0:2.48.3-2.el7_9RHSA-2025:103642025-07-07T00:00:00Z
Red Hat Enterprise Linux 8webkit2gtk3-0:2.32.3-2.el8RHSA-2021:43812021-11-09T00:00:00Z

Package state

ProductPackageState
Red Hat Enterprise Linux 6webkitgtkOut of support scope
Red Hat Enterprise Linux 7webkitgtk3Out of support scope
Red Hat Enterprise Linux 9webkit2gtk3Not affected

Apply commands

bash fix
Apply RHSA-2025:10364 for Red Hat Enterprise Linux 7 Extended Lifecycle Support
yum update -y webkitgtk4
# or:
dnf upgrade -y webkitgtk4

Affected

VendorProductVersion
redhatRed Hat Enterprise Linux 9Not affected

OS impact
OSVersionStatusFixed in
arch archfixed2.32.3-1
rockylinux rocky8fixed
debian debianbookwormfixed2.32.3-1
debian debianbullseyefixed2.32.3-1
debian debianforkyfixed2.32.3-1
debian debiansidfixed2.32.3-1
debian debiantrixiefixed2.32.3-1
almalinux almalinux8fixedgnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm
redhat rhel8fixed

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.