CVE-2021-30934Classic Buffer Overflow in Apple IOS AND Ipados

CWE-120Classic Buffer Overflow10 documents7 sources
Severity
8.8HIGHNVD
EPSS
1.7%
top 17.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Apple IOS AND IpadosApple MacosApple Watchos+6 more
Timeline
PublishedAug 24
Latest updateJan 27

Description

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

NVDapple/tvos< 15.2
CVEListV5apple/macosunspecified12.1+1
NVDapple/macos12.012.1
NVDapple/ipados< 15.2
NVDapple/safari< 15.2

Also affects: Debian Linux 10.0, 11.0, Fedora 34, 35

🔴Vulnerability Details

2
CVEList
CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling2021-08-24
OSV
CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling2021-08-24

📋Vendor Advisories

7
Ubuntu
WebKitGTK vulnerabilities2022-01-27
Red Hat
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution2022-01-21
Apple
CVE-2021-30934: Safari 15.22021-12-14
Apple
CVE-2021-30934: macOS Monterey 12.12021-12-13
Apple
CVE-2021-30934: watchOS 8.32021-12-13
CVE-2021-30934 — Classic Buffer Overflow in Apple | cvebase