CVE-2021-30851 — Out-of-bounds Write in Apple IOS AND Ipados

CWE-787 — Out-of-bounds Write11 documents7 sources

Severity

8.8HIGHNVD

EPSS

1.0%

top 22.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Safari Apple Tvos +6 more

Timeline

PublishedAug 24

Latest updateNov 1

Description

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages10 packages

▶CVEListV5apple/tvosunspecified — 15

▶NVDapple/tvos< 15.0

▶CVEListV5apple/safariunspecified — 15

▶NVDapple/ipados< 15.0

▶NVDapple/safari< 15.0

Also affects: Debian Linux 10.0, 11.0, Fedora 33, 34

🔴Vulnerability Details

CVEList

CVE-2021-30851: A memory corruption vulnerability was addressed with improved locking↗2021-08-24

▶

OSV

CVE-2021-30851: A memory corruption vulnerability was addressed with improved locking↗2021-08-24

▶

📋Vendor Advisories

Ubuntu

WebKitGTK vulnerabilities↗2021-11-01

▶

Red Hat

webkitgtk: Memory corruption issue leading to arbitrary code execution↗2021-10-26

▶

Apple

CVE-2021-30851: macOS Monterey 12.0.1↗2021-10-25

▶

Apple

CVE-2021-30851: watchOS 8↗2021-09-20

▶

Apple

CVE-2021-30851: tvOS 15↗2021-09-20

▶