CVE-2021-30786: Race Condition in Apple macOS

Severity: 7.0 HIGH (NVD)
EPSS: 0.2% (top 56.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 8; latest update Jun 7

Description

A race condition was addressed with improved state handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9

Affected Packages (4 packages)

CVEListV5 | apple/macos | unspecified | 11.5
NVD | apple/macos | 11.0 | 11.5
CVEListV5 | apple/ios | unspecified | 14.7
NVD | apple/iphone_os | < 14.7

🔴 Vulnerability Details (3)

OSV: ntfs-3g vulnerabilities (2022-06-07)
GHSA: GHSA-mhx2-29jj-rxfr: A race condition was addressed with improved state handling (2022-05-24)
CVEList: CVE-2021-30786: A race condition was addressed with improved state handling (2021-09-08)

📋 Vendor Advisories (3)

Red Hat: ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate (2022-05-26)
Microsoft: A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. (2022-05-10)
Apple: CVE-2021-30786: iOS 14.7 and iPadOS 14.7