CVE-2021-1844

Description

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.

How to fix CVE-2021-1844

To remediate CVE-2021-1844, upgrade the affected package to a fixed version below.

Debian/webkit2gtk—upgrade to 2.32.0-2 or later
—upgrade to 2.32.0-2 or later

Is CVE-2021-1844 being exploited?

Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 2.32.0-2
from 0, < 2.32.0-2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2021-1844