Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006

Related Vulnerabilities: CVE-2021-30846   CVE-2021-30848   CVE-2021-30849   CVE-2021-30851   CVE-2021-30858   CVE-2021-42762  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Salvatore Bonaccorso &lt;carnil () debian org&gt;

Date: Wed, 27 Oct 2021 06:07:39 +0200

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Hi,

[dropping most other recipients]

On Tue, Oct 26, 2021 at 08:05:36PM +0100, Carlos Alberto Lopez Perez wrote:
------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory                 WSA-2021-0006
------------------------------------------------------------------------

Date reported           : October 26, 2021
Advisory ID             : WSA-2021-0006
WebKitGTK Advisory URL  : https://webkitgtk.org/security/WSA-2021-0006.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2021-0006.html
CVE identifiers         : CVE-2021-30846, CVE-2021-30848,
                          CVE-2021-30849, CVE-2021-30851,
                          CVE-2021-30858, CVE-2021-42762.

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
[...]
CVE-2021-30851
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to Samuel Groß of Google Project Zero.
    Impact: Processing maliciously crafted web content may lead to code
    execution. Description: A memory corruption vulnerability was
    addressed with improved locking.

CVE-2021-30851 seems to be REJECTED (cf.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30851). Is
there a typo in the CVE id for this one or did the CVE got rejected
later on? The CVE entry only states "Reason: This candidate was
withdrawn by the CVE program." so might give a light indication
towards that the CVE used has a typo and should be another one?

Can you clarify or have any insights here?

Regards,
Salvatore

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Carlos Alberto Lopez Perez (Oct 26)

Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Salvatore Bonaccorso (Oct 26)

Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Francis Perron (Oct 27)

Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Alberto Garcia (Oct 27)

Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Samuel Groß (Oct 27)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Salvatore Bonaccorso (Oct 27)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Salvatore Bonaccorso (Oct 31)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started