一、漏洞信息
漏洞编号:[CVE-2021-44964](https://nvd.nist.gov/vuln/detail/CVE-2021-44964)
漏洞归属组件:webkit2gtk3
漏洞归属的版本:2.22.2,2.28.3
CVSS V3.0分值:
BaseScore:6.3 Medium
Vector:CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
漏洞简述:
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.
漏洞公开时间:2022-03-14 23:15
漏洞创建时间:2022-04-02 09:54:12
漏洞详情参考链接:
https://nvd.nist.gov/vuln/detail/CVE-2021-44964
漏洞分析指导链接:
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
二、漏洞分析结构反馈
影响性分析说明:
openEuler评分:
受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP1(2.22.2):
2.openEuler-20.03-LTS-SP2(2.22.2):
3.openEuler-20.03-LTS-SP3(2.22.2):
修复是否涉及abi变化(是/否):
1.openEuler-20.03-LTS-SP1(2.22.2):
2.openEuler-20.03-LTS-SP2(2.22.2):
3.openEuler-20.03-LTS-SP3(2.22.2):