CVE-2021-30934
Vulnerability from cvelistv5
Published
2021-08-24 18:50
Modified
2024-08-03 22:48
Severity ?
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
References
product-security@apple.comhttp://www.openwall.com/lists/oss-security/2022/01/21/2
product-security@apple.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/
product-security@apple.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/
product-security@apple.comhttps://support.apple.com/en-us/HT212975
product-security@apple.comhttps://support.apple.com/en-us/HT212976
product-security@apple.comhttps://support.apple.com/en-us/HT212978
product-security@apple.comhttps://support.apple.com/en-us/HT212980
product-security@apple.comhttps://support.apple.com/en-us/HT212982
product-security@apple.comhttps://www.debian.org/security/2022/dsa-5060
product-security@apple.comhttps://www.debian.org/security/2022/dsa-5061
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2022/01/21/2
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT212975
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT212976
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT212978
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT212980
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT212982
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2022/dsa-5060
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2022/dsa-5061
Impacted products
Vendor Product Version
Apple watchOS Version: unspecified   < 8.3
Apple iOS and iPadOS Version: unspecified   < 15.2
Apple macOS Version: unspecified   < 12.1
Apple macOS Version: unspecified   < 15.2
Apple macOS Version: unspecified   < 15.2
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T22:48:14.225Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT212975",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT212976",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT212978",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT212980",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT212982",
               },
               {
                  name: "[oss-security] 20220121 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/01/21/2",
               },
               {
                  name: "FEDORA-2022-25a98f5d55",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/",
               },
               {
                  name: "DSA-5061",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5061",
               },
               {
                  name: "DSA-5060",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5060",
               },
               {
                  name: "FEDORA-2022-f7366e60cb",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "watchOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "8.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "iOS and iPadOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "15.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "macOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "12.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "macOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "15.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "macOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "15.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Processing maliciously crafted web content may lead to arbitrary code execution",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-06T03:06:17",
            orgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
            shortName: "apple",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/en-us/HT212975",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/en-us/HT212976",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/en-us/HT212978",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/en-us/HT212980",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/en-us/HT212982",
            },
            {
               name: "[oss-security] 20220121 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/01/21/2",
            },
            {
               name: "FEDORA-2022-25a98f5d55",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/",
            },
            {
               name: "DSA-5061",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5061",
            },
            {
               name: "DSA-5060",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5060",
            },
            {
               name: "FEDORA-2022-f7366e60cb",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "product-security@apple.com",
               ID: "CVE-2021-30934",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "watchOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.3",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "iOS and iPadOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "15.2",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "macOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "12.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "macOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "15.2",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "macOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "15.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apple",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Processing maliciously crafted web content may lead to arbitrary code execution",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.apple.com/en-us/HT212975",
                     refsource: "MISC",
                     url: "https://support.apple.com/en-us/HT212975",
                  },
                  {
                     name: "https://support.apple.com/en-us/HT212976",
                     refsource: "MISC",
                     url: "https://support.apple.com/en-us/HT212976",
                  },
                  {
                     name: "https://support.apple.com/en-us/HT212978",
                     refsource: "MISC",
                     url: "https://support.apple.com/en-us/HT212978",
                  },
                  {
                     name: "https://support.apple.com/en-us/HT212980",
                     refsource: "MISC",
                     url: "https://support.apple.com/en-us/HT212980",
                  },
                  {
                     name: "https://support.apple.com/en-us/HT212982",
                     refsource: "MISC",
                     url: "https://support.apple.com/en-us/HT212982",
                  },
                  {
                     name: "[oss-security] 20220121 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2022/01/21/2",
                  },
                  {
                     name: "FEDORA-2022-25a98f5d55",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/",
                  },
                  {
                     name: "DSA-5061",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5061",
                  },
                  {
                     name: "DSA-5060",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5060",
                  },
                  {
                     name: "FEDORA-2022-f7366e60cb",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
      assignerShortName: "apple",
      cveId: "CVE-2021-30934",
      datePublished: "2021-08-24T18:50:35",
      dateReserved: "2021-04-13T00:00:00",
      dateUpdated: "2024-08-03T22:48:14.225Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2021-30934\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2021-08-24T19:15:20.657\",\"lastModified\":\"2024-11-21T06:04:59.740\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Se abordó un problema de desbordamiento del búfer con una administración de memoria mejorada.&#xa0;Este problema es corregido en tvOS versión 15.2, macOS Monterey versión 12.1, Safari versión 15.2, iOS versión 15.2 e iPadOS versión 15.2, watchOS versión 8.3.&#xa0;El procesamiento de contenido web creado con fines maliciosos puede conllevar a una ejecución de código arbitrario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.2\",\"matchCriteriaId\":\"7B60AA98-68B6-4770-884B-36AE7826E729\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.2\",\"matchCriteriaId\":\"CCE4E546-A0DD-4E9E-A6B9-C19B04D77466\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.2\",\"matchCriteriaId\":\"7FB904C1-43D1-4583-8729-5D1B1746A54C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0\",\"versionEndExcluding\":\"12.1\",\"matchCriteriaId\":\"CA118623-E817-42AA-AB39-6239B1284192\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.2\",\"matchCriteriaId\":\"16CAE2FB-FADC-4BF4-9115-D20D365051BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.3\",\"matchCriteriaId\":\"7A7245FB-6FBE-4C09-80F5-18504CA623B3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/01/21/2\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212975\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212976\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212978\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212980\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212982\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5060\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5061\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/01/21/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/en-us/HT212975\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/en-us/HT212976\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/en-us/HT212978\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/en-us/HT212980\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/en-us/HT212982\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5060\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5061\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.