CVE-2021-1820
Published: 2021-09-08
Priority P4 · 32 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS: 1.33% (67.7th percentile)
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_14.5_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 14.5 | 14.5 |
| apple | ipados | < 14.5 | 14.5 |
| apple | iphone_os | < 14.5 | 14.5 |
| apple | macos | >= 11.0 < 11.3 | 11.3 |
| apple | macos | >= unspecified < 11.3 | 11.3 |
| apple | macos_big_sur | — | — |
| apple | tvos | < 14.5 | 14.5 |
| apple | tvos | >= unspecified < 14.5 | 14.5 |
| apple | watchos | < 7.4 | 7.4 |
| apple | watchos | >= unspecified < 7.4 | 7.4 |
| debian | webkit2gtk | < webkit2gtk 2.30.1-1 (bookworm) | webkit2gtk 2.30.1-1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.30.1-1 (bookworm) | webkit2gtk 2.30.1-1 (bookworm) |
CVSS provenance
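| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |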
GHSA
GHSA-g25v-ch2q-jp7c: A memory initialization issue was addressed with improved memory handling
ghsa_unreviewed·2022-05-24
CVE-2021-1820 [MEDIUM] CWE-668 GHSA-g25v-ch2q-jp7c: A memory initialization issue was addressed with improved memory handling
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory.
OSV
CVE-2021-1820: A memory initialization issue was addressed with improved memory handling
osv·2021-09-08·CVSS 6.5
CVE-2021-1820 [MEDIUM] CVE-2021-1820: A memory initialization issue was addressed with improved memory handling
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory.
Red Hat
webkitgtk: Memory initialization issue possibly leading to memory disclosure
vendor_redhat·2021-07-28·CVSS 6.5
CVE-2021-1820 [MEDIUM] CWE-20 webkitgtk: Memory initialization issue possibly leading to memory disclosure
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Out of support scope
Package: webkitgtk3 (Red Hat Enterprise Linux 7) - Out of support scope
Package: webkit2gtk3 (Red Hat Enterprise Linux 9) - Not affected
Apple
CVE-2021-1820: iOS 14.5 and iPadOS 14.5
vendor_apple·2021-04-26·CVSS 6.5
CVE-2021-1820 [MEDIUM] CVE-2021-1820: iOS 14.5 and iPadOS 14.5
Apple Security Update: About the security content of iOS 14.5 and iPadOS 14.5
Product: iOS 14.5 and iPadOS
Version: 14.5
CVE: CVE-2021-1820
Component: WebKit
Impact: Processing maliciously crafted web content may result in the disclosure of process memory
Description: A memory initialization issue was addressed with improved memory handling.
Apple
CVE-2021-1820: macOS Big Sur 11.3
vendor_apple·2021-04-26·CVSS 6.5
CVE-2021-1820 [MEDIUM] CVE-2021-1820: macOS Big Sur 11.3
Apple Security Update: About the security content of macOS Big Sur 11.3
Product: macOS Big Sur
Version: 11.3
CVE: CVE-2021-1820
Component: WebKit
Impact: Processing maliciously crafted web content may result in the disclosure of process memory
Description: A memory initialization issue was addressed with improved memory handling.
Debian
CVE-2021-1820: webkit2gtk - A memory initialization issue was addressed with improved memory handling. This ...
vendor_debian·2021·CVSS 6.5
CVE-2021-1820 [MEDIUM] CVE-2021-1820: webkit2gtk - A memory initialization issue was addressed with improved memory handling. This ...
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory.
Scope: local
bookworm: resolved (fixed in 2.30.1-1)
bullseye: resolved (fixed in 2.30.1-1)
forky: resolved (fixed in 2.30.1-1)
sid: resolved (fixed in 2.30.1-1)
trixie: resolved (fixed in 2.30.1-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://support.apple.com/en-us/HT212317
https://support.apple.com/en-us/HT212323
https://support.apple.com/en-us/HT212324
https://support.apple.com/en-us/HT212325
Published: 2021-09-08