CVE-2021-30849

CWE-787Out-of-bounds Write14 documents7 sources
Severity
7.8HIGH
EPSS
0.3%
top 50.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Apple IOS AND IpadosApple Itunes FOR WindowsApple Safari+6 more
Timeline
PublishedOct 19
Latest updateMay 24

Description

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages14 packages

NVDapple/ipados< 14.8
CVEListV5apple/ios_and_ipadosunspecified14.8+1
CVEListV5apple/itunes_for_windowsunspecified12.12
CVEListV5apple/tvosunspecified15
NVDapple/tvos< 15.0

🔴Vulnerability Details

3
GHSA
GHSA-4jcp-gxvj-75jh: Multiple memory corruption issues were addressed with improved memory handling2022-05-24
CVEList
CVE-2021-30849: Multiple memory corruption issues were addressed with improved memory handling2021-10-19
OSV
CVE-2021-30849: Multiple memory corruption issues were addressed with improved memory handling2021-10-19

📋Vendor Advisories

10
Apple
CVE-2021-30849: iCloud for Windows 132021-11-10
Red Hat
webkitgtk: Multiple memory corruption issue leading to arbitrary code execution2021-10-26
Apple
CVE-2021-30849: macOS Monterey 12.0.12021-10-25
Apple
CVE-2021-30849: tvOS 152021-09-20
Apple
CVE-2021-30849: iTunes 12.12 for Windows2021-09-20
CVE-2021-30849 (HIGH CVSS 7.8) | Multiple memory corruption issues w | cvebase.io