⚠ Actively exploited
Added to CISA KEV on 2026-03-05. Federal agencies required to patch by 2026-03-26. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2021-30952

CWE-190 Integer Overflow | 12 documents | 9 sources
Severity: 7.8 HIGH
EPSS: 1.2% (top 20.72%)
CISA KEV: Added 2026-03-05 | Due 2026-03-26
Exploit: No known exploits
Timeline: Published Aug 24 | KEV added Mar 5 | KEV due Mar 26

Description

An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (13 packages)

NVD | apple/tvos | < 15.2
CVEListV5 | apple/macos | unspecified | 12.1 | +1
NVD | apple/macos | 12.0 | 12.1
NVD | apple/ipados | < 15.2
NVD | apple/safari | < 15.2

Also affects: Debian Linux 10.0, 11.0, Fedora 34, 35

🔴 Vulnerability Details (3)

OSV | CVE-2021-30952: An integer overflow was addressed with improved input validation | 2021-08-24
CVEList | CVE-2021-30952: An integer overflow was addressed with improved input validation | 2021-08-24
VulnCheck | Apple Multiple Products Integer Overflow or Wraparound Vulnerability | 2021

📋 Vendor Advisories (8)

CISA | Apple Multiple Products Integer Overflow or Wraparound Vulnerability | 2026-03-05
Ubuntu | WebKitGTK vulnerabilities | 2022-01-27
Red Hat | webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution | 2022-01-21
Apple | CVE-2021-30952: Safari 15.2 | 2021-12-14
Apple | CVE-2021-30952: watchOS 8.3 | 2021-12-13