CVE-2021-30848 — Out-of-bounds Write in Apple IOS AND Ipados

CWE-787 — Out-of-bounds Write9 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 45.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Safari Apple Ipados +7 more

Timeline

PublishedOct 19

Latest updateMay 24

Description

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages12 packages

▶NVDapple/ipados< 14.8

▶CVEListV5apple/ios_and_ipadosunspecified — 14.8+1

▶Appleapple/ios_15_and_ipados15

▶Appleapple/ios_14.8_and_ipados14.8

▶CVEListV5apple/safariunspecified — 15

🔴Vulnerability Details

GHSA

GHSA-wj2m-cc2g-mxw2: A memory corruption issue was addressed with improved memory handling↗2022-05-24

▶

OSV

CVE-2021-30848: A memory corruption issue was addressed with improved memory handling↗2021-10-19

▶

📋Vendor Advisories

Red Hat

webkitgtk: Memory corruption issue leading to arbitrary code execution↗2021-10-26

▶

Apple

CVE-2021-30848: macOS Monterey 12.0.1↗2021-10-25

▶

Apple

CVE-2021-30848: iOS 15 and iPadOS 15↗2021-09-20

▶

Apple

CVE-2021-30848: Safari 15↗2021-09-20

▶

Apple

CVE-2021-30848: iOS 14.8 and iPadOS 14.8↗2021-09-13

▶