Alpine: webkit2gtk: security update to 2.34.0-r0

high Tenable Self-Hosted Container Security Plugin ID 427129

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey
12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may
lead to arbitrary code execution. (CVE-2021-30889)

- A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and
iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS 8. Processing maliciously crafted web
content may lead to arbitrary code execution. (CVE-2021-30818)

- A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS
14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be
able to bypass HSTS. (CVE-2021-30823)

- A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and
iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web
content may lead to arbitrary code execution. (CVE-2021-30846)

- A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15,
tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code
execution. (CVE-2021-30851)

See Also

https://security.alpinelinux.org/vuln/CVE-2021-30818

https://security.alpinelinux.org/vuln/CVE-2021-30823

https://security.alpinelinux.org/vuln/CVE-2021-30846

https://security.alpinelinux.org/vuln/CVE-2021-30851

https://security.alpinelinux.org/vuln/CVE-2021-30884

https://security.alpinelinux.org/vuln/CVE-2021-30888

https://security.alpinelinux.org/vuln/CVE-2021-30889

https://security.alpinelinux.org/vuln/CVE-2021-30897

https://security.alpinelinux.org/vuln/CVE-2021-45481

https://security.alpinelinux.org/vuln/CVE-2021-45483

Plugin Details

Severity: High

ID: 427129

Version: Revision 1.1

Type: Local

Published: 5/16/2025

Updated: 5/16/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-30889

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/24/2021

Reference Information

CVE: CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30851, CVE-2021-30884, CVE-2021-30888, CVE-2021-30889, CVE-2021-30897, CVE-2021-45481, CVE-2021-45483