Vulnerability-Lookup

CVE-2021-30849 (GCVE-0-2021-30849)

Vulnerability from cvelistv5 – Published: 2021-10-19 13:11 – Updated: 2024-08-03 22:48

Summary

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

Severity ?

No CVSS data available.

CWE

Processing maliciously crafted web content may lead to arbitrary code execution

Assigner

apple

References

URL

Tags

	https://support.apple.com/en-us/HT212807	x_refsource_MISC
	https://support.apple.com/en-us/HT212814	x_refsource_MISC
	https://support.apple.com/en-us/HT212819	x_refsource_MISC
	https://support.apple.com/en-us/HT212815	x_refsource_MISC
	https://support.apple.com/en-us/HT212817	x_refsource_MISC
	https://support.apple.com/en-us/HT212816	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2021/10/26/9	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/10/27/1	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/10/27/2	mailing-listx_refsource_MLIST
	http://seclists.org/fulldisclosure/2021/Oct/60	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2021/Oct/62	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2021/Oct/63	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2021/Oct/61	mailing-listx_refsource_FULLDISC
	http://www.openwall.com/lists/oss-security/2021/10/27/4	mailing-listx_refsource_MLIST
	https://support.apple.com/kb/HT212869	x_refsource_CONFIRM
	https://support.apple.com/kb/HT212953	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Apple

iOS and iPadOS

Affected: unspecified , < 14.8 (custom)

Apple	iOS and iPadOS	Affected: unspecified , < 15 (custom)
Apple	tvOS	Affected: unspecified , < 15 (custom)
Apple	Safari	Affected: unspecified , < 15 (custom)
Apple	iTunes for Windows	Affected: unspecified , < 12.12 (custom)
Apple	watchOS	Affected: unspecified , < 8 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:48:13.917Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212807"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212814"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212819"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212815"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212817"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212816"
          },
          {
            "name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
          },
          {
            "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
          },
          {
            "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
          },
          {
            "name": "20211027 APPLE-SA-2021-10-26-8 Additional information for APPLE-SA-2021-09-20-5 Safari 15",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Oct/60"
          },
          {
            "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
          },
          {
            "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
          },
          {
            "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
          },
          {
            "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212869"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212953"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iTunes for Windows",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "12.12",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to arbitrary code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-19T12:06:18.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212807"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212814"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212819"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212815"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212817"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212816"
        },
        {
          "name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
        },
        {
          "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
        },
        {
          "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
        },
        {
          "name": "20211027 APPLE-SA-2021-10-26-8 Additional information for APPLE-SA-2021-09-20-5 Safari 15",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Oct/60"
        },
        {
          "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
        },
        {
          "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
        },
        {
          "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
        },
        {
          "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212869"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212953"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2021-30849",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iOS and iPadOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "14.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iOS and iPadOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "15"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "tvOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "15"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Safari",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "15"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iTunes for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "12.12"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "watchOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Processing maliciously crafted web content may lead to arbitrary code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212807",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212807"
            },
            {
              "name": "https://support.apple.com/en-us/HT212814",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212814"
            },
            {
              "name": "https://support.apple.com/en-us/HT212819",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212819"
            },
            {
              "name": "https://support.apple.com/en-us/HT212815",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212815"
            },
            {
              "name": "https://support.apple.com/en-us/HT212817",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212817"
            },
            {
              "name": "https://support.apple.com/en-us/HT212816",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212816"
            },
            {
              "name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
            },
            {
              "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
            },
            {
              "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-8 Additional information for APPLE-SA-2021-09-20-5 Safari 15",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Oct/60"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
            },
            {
              "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
            },
            {
              "name": "https://support.apple.com/kb/HT212869",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT212869"
            },
            {
              "name": "https://support.apple.com/kb/HT212953",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT212953"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2021-30849",
    "datePublished": "2021-10-19T13:11:42.000Z",
    "dateReserved": "2021-04-13T00:00:00.000Z",
    "dateUpdated": "2024-08-03T22:48:13.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2021-30849

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-30849

Aliases

CVE-2021-30849

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-30849",
    "description": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.",
    "id": "GSD-2021-30849",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-30849.html",
      "https://advisories.mageia.org/CVE-2021-30849.html",
      "https://security.archlinux.org/CVE-2021-30849",
      "https://linux.oracle.com/cve/CVE-2021-30849.html",
      "https://access.redhat.com/errata/RHSA-2022:1777",
      "https://packetstormsecurity.com/files/cve/CVE-2021-30849"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-30849"
      ],
      "details": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.",
      "id": "GSD-2021-30849",
      "modified": "2023-12-13T01:23:31.566761Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2021-30849",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS and iPadOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "14.8"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "iOS and iPadOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "15"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "tvOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "15"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Safari",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "15"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "iTunes for Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "12.12"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "watchOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "8"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Processing maliciously crafted web content may lead to arbitrary code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT212807",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212807"
          },
          {
            "name": "https://support.apple.com/en-us/HT212814",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212814"
          },
          {
            "name": "https://support.apple.com/en-us/HT212819",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212819"
          },
          {
            "name": "https://support.apple.com/en-us/HT212815",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212815"
          },
          {
            "name": "https://support.apple.com/en-us/HT212817",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212817"
          },
          {
            "name": "https://support.apple.com/en-us/HT212816",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212816"
          },
          {
            "name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
          },
          {
            "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
          },
          {
            "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
          },
          {
            "name": "20211027 APPLE-SA-2021-10-26-8 Additional information for APPLE-SA-2021-09-20-5 Safari 15",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2021/Oct/60"
          },
          {
            "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
          },
          {
            "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
          },
          {
            "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
          },
          {
            "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
          },
          {
            "name": "https://support.apple.com/kb/HT212869",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT212869"
          },
          {
            "name": "https://support.apple.com/kb/HT212953",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT212953"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2021-30849"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212819",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212819"
            },
            {
              "name": "https://support.apple.com/en-us/HT212817",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212817"
            },
            {
              "name": "https://support.apple.com/en-us/HT212807",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212807"
            },
            {
              "name": "https://support.apple.com/en-us/HT212815",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212815"
            },
            {
              "name": "https://support.apple.com/en-us/HT212816",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212816"
            },
            {
              "name": "https://support.apple.com/en-us/HT212814",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212814"
            },
            {
              "name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "refsource": "MLIST",
              "tags": [
                "Mailing List"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
            },
            {
              "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "refsource": "MLIST",
              "tags": [
                "Mailing List"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
            },
            {
              "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "refsource": "MLIST",
              "tags": [
                "Mailing List"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-8 Additional information for APPLE-SA-2021-09-20-5 Safari 15",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Oct/60"
            },
            {
              "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "refsource": "MLIST",
              "tags": [
                "Mailing List"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
            },
            {
              "name": "https://support.apple.com/kb/HT212953",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT212953"
            },
            {
              "name": "https://support.apple.com/kb/HT212869",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT212869"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-11-23T20:20Z",
      "publishedDate": "2021-10-19T14:15Z"
    }
  }
}

GHSA-4JCP-GXVJ-75JH

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-30849"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-19T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.",
  "id": "GHSA-4jcp-gxvj-75jh",
  "modified": "2022-05-24T19:17:57Z",
  "published": "2022-05-24T19:17:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30849"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212807"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212814"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212815"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212816"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212817"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212819"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212869"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212953"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Oct/60"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2021-30849

Vulnerability from osv_almalinux

Published

2022-05-10 06:24

Modified

2022-05-10 08:00

Summary

Moderate: webkit2gtk3 security, bug fix, and enhancement update

Details

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6). (BZ#1985042)

Security Fix(es):

webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free (CVE-2022-22620)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30809)
webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-30818)
webkitgtk: Logic issue leading to HSTS bypass (CVE-2021-30823)
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30846)
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30848)
webkitgtk: Multiple memory corruption issue leading to arbitrary code execution (CVE-2021-30849)
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30851)
webkitgtk: Logic issue leading to Content Security Policy bypass (CVE-2021-30887)
webkitgtk: Information leak via Content Security Policy reports (CVE-2021-30888)
webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2021-30889)
webkitgtk: Logic issue leading to universal cross-site scripting (CVE-2021-30890)
webkitgtk: Cross-origin data exfiltration via resource timing API (CVE-2021-30897)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30934)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30936)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30951)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30952)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30953)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30954)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30984)
webkitgtk: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create (CVE-2021-45481)
webkitgtk: use-after-free in WebCore::ContainerNode::firstChild (CVE-2021-45482)
webkitgtk: use-after-free in WebCore::Frame::page (CVE-2021-45483)
webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript (CVE-2022-22589)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-22590)
webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2022-22592)
webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2022-22594)
webkitgtk: logic issue was addressed with improved state management (CVE-2022-22637)
webkitgtk: Out-of-bounds read leading to memory disclosure (CVE-2021-30836)
webkitgtk: CSS compositing issue leading to revealing of the browsing history (CVE-2021-30884)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.34.6-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.34.6-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.34.6-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.34.6-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nThe following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6). (BZ#1985042)\n\nSecurity Fix(es):\n\n* webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free (CVE-2022-22620)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30809)\n\n* webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-30818)\n\n* webkitgtk: Logic issue leading to HSTS bypass (CVE-2021-30823)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30846)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30848)\n\n* webkitgtk: Multiple memory corruption issue leading to arbitrary code execution (CVE-2021-30849)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30851)\n\n* webkitgtk: Logic issue leading to Content Security Policy bypass (CVE-2021-30887)\n\n* webkitgtk: Information leak via Content Security Policy reports (CVE-2021-30888)\n\n* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2021-30889)\n\n* webkitgtk: Logic issue leading to universal cross-site scripting (CVE-2021-30890)\n\n* webkitgtk: Cross-origin data exfiltration via resource timing API (CVE-2021-30897)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30934)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30936)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30951)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30952)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30953)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30954)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30984)\n\n* webkitgtk: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create (CVE-2021-45481)\n\n* webkitgtk: use-after-free in WebCore::ContainerNode::firstChild (CVE-2021-45482)\n\n* webkitgtk: use-after-free in WebCore::Frame::page (CVE-2021-45483)\n\n* webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript (CVE-2022-22589)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-22590)\n\n* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2022-22592)\n\n* webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2022-22594)\n\n* webkitgtk: logic issue was addressed with improved state management (CVE-2022-22637)\n\n* webkitgtk: Out-of-bounds read leading to memory disclosure (CVE-2021-30836)\n\n* webkitgtk: CSS compositing issue leading to revealing of the browsing history (CVE-2021-30884)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2022:1777",
  "modified": "2022-05-10T08:00:31Z",
  "published": "2022-05-10T06:24:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2022-1777.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30809"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30818"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30823"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30836"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30846"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30848"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30849"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30851"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30884"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30887"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30888"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30889"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30890"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30897"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30934"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30936"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30951"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30952"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30953"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30954"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-30984"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-45481"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-45482"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-45483"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22589"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22590"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22592"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22594"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22620"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22637"
    }
  ],
  "related": [
    "CVE-2022-22620",
    "CVE-2021-30809",
    "CVE-2021-30818",
    "CVE-2021-30823",
    "CVE-2021-30846",
    "CVE-2021-30848",
    "CVE-2021-30849",
    "CVE-2021-30851",
    "CVE-2021-30887",
    "CVE-2021-30888",
    "CVE-2021-30889",
    "CVE-2021-30890",
    "CVE-2021-30897",
    "CVE-2021-30934",
    "CVE-2021-30936",
    "CVE-2021-30951",
    "CVE-2021-30952",
    "CVE-2021-30953",
    "CVE-2021-30954",
    "CVE-2021-30984",
    "CVE-2021-45481",
    "CVE-2021-45482",
    "CVE-2021-45483",
    "CVE-2022-22589",
    "CVE-2022-22590",
    "CVE-2022-22592",
    "CVE-2022-22594",
    "CVE-2022-22637",
    "CVE-2021-30836",
    "CVE-2021-30884"
  ],
  "summary": "Moderate: webkit2gtk3 security, bug fix, and enhancement update"
}

FKIE_CVE-2021-30849

Vulnerability from fkie_nvd - Published: 2021-10-19 14:15 - Updated: 2024-11-21 06:04

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	http://seclists.org/fulldisclosure/2021/Oct/60	Mailing List, Third Party Advisory
product-security@apple.com	http://seclists.org/fulldisclosure/2021/Oct/61	Mailing List, Third Party Advisory
product-security@apple.com	http://seclists.org/fulldisclosure/2021/Oct/62	Mailing List, Third Party Advisory
product-security@apple.com	http://seclists.org/fulldisclosure/2021/Oct/63	Mailing List, Third Party Advisory
product-security@apple.com	http://www.openwall.com/lists/oss-security/2021/10/26/9	Mailing List
product-security@apple.com	http://www.openwall.com/lists/oss-security/2021/10/27/1	Mailing List
product-security@apple.com	http://www.openwall.com/lists/oss-security/2021/10/27/2	Mailing List
product-security@apple.com	http://www.openwall.com/lists/oss-security/2021/10/27/4	Mailing List
product-security@apple.com	https://support.apple.com/en-us/HT212807	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212814	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212815	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212816	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212817	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212819	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT212869	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT212953	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Oct/60	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Oct/61	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Oct/62	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Oct/63	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/10/26/9	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/10/27/1	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/10/27/2	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/10/27/4	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212807	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212814	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212815	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212816	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212817	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212819	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT212869	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT212953	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	itunes	*
apple	safari	*
apple	ipados	*
apple	iphone_os	*
apple	macos	*
apple	tvos	*
apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "CB49B700-7A2F-4696-A96B-059F4DDE91B9",
              "versionEndExcluding": "12.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F80E547D-86D4-4790-8C0B-8222019C476D",
              "versionEndExcluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD67B72-0B1D-46A8-A149-8149ED749FEC",
              "versionEndExcluding": "14.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56F86481-D995-43D7-982F-5DC6E4682A65",
              "versionEndExcluding": "14.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "579B2A0D-A84F-45C2-B545-35ECEA3297DA",
              "versionEndExcluding": "12.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B32A978E-673C-421D-93A1-CA84D90B67E4",
              "versionEndExcluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5364285F-B3F2-465B-B738-2FC1C8913A44",
              "versionEndExcluding": "8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Se han abordado m\u00faltiples problemas de corrupci\u00f3n de memoria con un manejo de memoria mejorado. Este problema es corregido en iOS versi\u00f3n 14.8 y iPadOS versi\u00f3n 14.8, watchOS versi\u00f3n 8, Safari versi\u00f3n 15, tvOS versi\u00f3n 15, iOS versi\u00f3n 15 y iPadOS versi\u00f3n 15, iTunes versi\u00f3n 12.12 para Windows. El procesamiento de contenido web dise\u00f1ado de forma maliciosa puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario"
    }
  ],
  "id": "CVE-2021-30849",
  "lastModified": "2024-11-21T06:04:50.257",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-19T14:15:09.770",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Oct/60"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212807"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212814"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212815"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212816"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212817"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212819"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT212869"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT212953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Oct/60"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212817"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT212869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT212953"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2021-AVI-719

Vulnerability from certfr_avis - Published: 2021-09-21 - Updated: 2021-09-21

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	tvOS versions antérieures à 15.0
Apple	N/A	iTunes pour Windows versions antérieures à 12.12
Apple	N/A	Xcode versions antérieures à 13.0
Apple	N/A	iPadOS versions antérieures à 15.0
Apple	N/A	watchOS versions antérieures à 8.0
Apple	N/A	iOS versions antérieures à 15.0
Apple	Safari	Safari versions antérieures à 15.0

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-30849 (GCVE-0-2021-30849)

GSD-2021-30849

GHSA-4JCP-GXVJ-75JH

CVE-2021-30849

Vulnerability from osv_almalinux

FKIE_CVE-2021-30849

CERTFR-2021-AVI-719

Solution

Tags

Sightings

Nomenclature