CVE-2021-30953 — Out-of-bounds Read in Apple IOS AND Ipados

CWE-125 — Out-of-bounds Read10 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 34.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Watchos +6 more

Timeline

PublishedAug 24

Latest updateJan 27

Description

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

▶NVDapple/tvos< 15.2

▶CVEListV5apple/macosunspecified — 12.1+1

▶NVDapple/ipados< 15.2

▶NVDapple/safari< 15.2

▶CVEListV5apple/watchosunspecified — 8.3

Also affects: Debian Linux 10.0, 11.0, Fedora 34, 35

🔴Vulnerability Details

OSV

CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking↗2021-08-24

▶

CVEList

CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking↗2021-08-24

▶

📋Vendor Advisories

Ubuntu

WebKitGTK vulnerabilities↗2022-01-27

▶

Red Hat

webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution↗2022-01-21

▶

Apple

CVE-2021-30953: Safari 15.2↗2021-12-14

▶

Apple

CVE-2021-30953: tvOS 15.2↗2021-12-13

▶

Apple

CVE-2021-30953: macOS Monterey 12.1↗2021-12-13

▶