CVE-2021-21775

8.0 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in WebKitGTK's ImageLoader that can be exploited via malicious web pages. Attackers could potentially leak sensitive information or cause memory corruption leading to arbitrary code execution. Users of WebKitGTK-based browsers on affected systems are vulnerable.

💻 Affected Systems

Products:
  • WebKitGTK
  • Browsers using WebKitGTK (Epiphany, Midori, etc.)
Versions: WebKitGTK 2.30.4 and earlier versions
Operating Systems: Linux distributions using WebKitGTK (Fedora, Debian, Ubuntu, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Any application embedding WebKitGTK is potentially vulnerable. The vulnerability is in the WebKit rendering engine.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data exfiltration, or persistent backdoor installation.

🟠

Likely Case

Information disclosure (memory leak) and application crashes, potentially leading to denial of service.

🟢

If Mitigated

Limited impact with proper sandboxing and memory protection mechanisms in place.

🌐 Internet-Facing: HIGH - Exploitable via malicious web pages without user interaction beyond visiting the page.
🏢 Internal Only: MEDIUM - Requires user to visit malicious content, which could be delivered internally via phishing or compromised sites.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user to visit a malicious webpage. No public exploit code is known, but the vulnerability is well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: WebKitGTK 2.30.5 and later

Vendor Advisory: https://webkitgtk.org/security/WSA-2021-0005.html

Restart Required: Yes

Instructions:

1. Update the WebKitGTK package using your distribution's package manager.
2. For Fedora: 'sudo dnf update webkit2gtk3'.
3. For Debian: 'sudo apt update && sudo apt install libwebkit2gtk-4.0-37'.
4. Restart affected applications.

🔧 Temporary Workarounds

Disable JavaScript

linux

Disable JavaScript in WebKitGTK-based browsers to prevent exploitation

Browser-specific: In Epiphany, go to Preferences > Privacy and disable JavaScript

Use alternative browser

linux

Temporarily use browsers not based on WebKitGTK (Firefox, Chromium)

🧯 If You Can't Patch

  • Implement network filtering to block access to untrusted websites
  • Use application sandboxing (Firejail, Flatpak) to limit potential damage

🔍 How to Verify

Check if Vulnerable:

Check WebKitGTK version: 'pkg-config --modversion webkit2gtk-4.0' or 'rpm -q webkit2gtk3' or 'dpkg -l | grep webkit2gtk'

Check Version:

pkg-config --modversion webkit2gtk-4.0

Verify Fix Applied:

Verify version is 2.30.5 or higher using the same commands
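An added example (not part of this advisory) that runs the three version probes listed above and compares the result against the fix version. The package names and the 2.30.5 threshold are the ones stated on this page; the function names are assumptions of this script.

```shell
#!/bin/sh
# Added example, not from the advisory: probe the installed WebKitGTK version
# and compare it against the fixed release stated above (2.30.5).
FIXED_VERSION="2.30.5"

# Print the installed version, trying the page's three probes in turn
# (pkg-config, rpm, dpkg). Returns 1 and prints nothing if none succeed.
installed_webkitgtk_version() {
    v=$(pkg-config --modversion webkit2gtk-4.0 2>/dev/null) &&
        { printf '%s\n' "$v"; return 0; }
    v=$(rpm -q --qf '%{VERSION}' webkit2gtk3 2>/dev/null) &&
        { printf '%s\n' "$v"; return 0; }
    # dpkg reports the Debian revision too (e.g. 2.30.6-1); keep the upstream part.
    v=$(dpkg-query -W -f '${Version}' libwebkit2gtk-4.0-37 2>/dev/null) &&
        { printf '%s\n' "$v" | sed 's/^[0-9]*://; s/[-+~].*//'; return 0; }
    return 1
}

# version_ge A B: succeed when dotted version A is >= B, comparing each
# numeric component (so 2.30.10 > 2.30.5, which a plain string compare gets wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# webkitgtk_status VERSION: print "fixed" or "vulnerable"; exit 1 when vulnerable.
webkitgtk_status() {
    if version_ge "$1" "$FIXED_VERSION"; then echo fixed; return 0; fi
    echo vulnerable
    return 1
}

main() {
    v=$(installed_webkitgtk_version) ||
        { echo "WebKitGTK not found via pkg-config, rpm or dpkg"; return 0; }
    echo "WebKitGTK $v: $(webkitgtk_status "$v") (fix: $FIXED_VERSION or later)"
}
main
```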

📡 Detection & Monitoring

Log Indicators:

  • Browser/WebKit crash logs
  • Memory access violation errors
  • Unexpected process termination

Network Indicators:

  • Requests to known malicious domains hosting exploit code
  • Unusual outbound connections after visiting web pages

SIEM Query:

(process_name:"epiphany" OR process_name:"webkit") AND (event_type:"crash" OR event_type:"segfault")
