Sign-up

ID

VAR-202108-1162


CVE

CVE-2021-31008


TITLE

Mistype vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2021-021093

DESCRIPTION

A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 15.1, tvOS 15.1, iOS 15 and iPadOS 15, macOS Monterey 12.0.1, watchOS 8.1. Processing maliciously crafted web content may lead to code execution. Safari , iPadOS , iOS Multiple Apple products have a type mixup vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none

Trust: 1.8

sources: NVD: CVE-2021-31008 // JVNDB: JVNDB-2021-021093 // VULHUB: VHN-390741 // VULMON: CVE-2021-31008

AFFECTED PRODUCTS

vendor:applemodel:tvosscope:ltversion:15.1

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:15.0

Trust: 1.0

vendor:applemodel:safariscope:ltversion:15.1

Trust: 1.0

vendor:applemodel:macosscope:eqversion:12.0.0

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:8.1

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:15.0

Trust: 1.0

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:watchosscope:eqversion:8.1

Trust: 0.8

vendor:アップルmodel:safariscope: - version: -

Trust: 0.8

vendor:アップルmodel:tvosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-021093 // NVD: CVE-2021-31008

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-31008
value: HIGH

Trust: 1.0

NVD: CVE-2021-31008
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202108-2121
value: HIGH

Trust: 0.6

VULHUB: VHN-390741
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-31008
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-390741
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-31008
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-31008
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-390741 // JVNDB: JVNDB-2021-021093 // CNNVD: CNNVD-202108-2121 // NVD: CVE-2021-31008

PROBLEMTYPE DATA

problemtype:CWE-843

Trust: 1.1

problemtype:Mistake of type (CWE-843) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-390741 // JVNDB: JVNDB-2021-021093 // NVD: CVE-2021-31008

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-2121

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-2121

PATCH

title:HT212875 Apple  Security updateurl:https://support.apple.com/en-us/HT212814

Trust: 0.8

title:Multiple Apple Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=194535

Trust: 0.6

sources: JVNDB: JVNDB-2021-021093 // CNNVD: CNNVD-202108-2121

EXTERNAL IDS

db:NVDid:CVE-2021-31008

Trust: 3.4

db:JVNDBid:JVNDB-2021-021093

Trust: 0.8

db:CNNVDid:CNNVD-202108-2121

Trust: 0.6

db:VULHUBid:VHN-390741

Trust: 0.1

db:VULMONid:CVE-2021-31008

Trust: 0.1

sources: VULHUB: VHN-390741 // VULMON: CVE-2021-31008 // JVNDB: JVNDB-2021-021093 // CNNVD: CNNVD-202108-2121 // NVD: CVE-2021-31008

REFERENCES

url:https://support.apple.com/en-us/ht212814

Trust: 1.7

url:https://support.apple.com/en-us/ht212869

Trust: 1.7

url:https://support.apple.com/en-us/ht212874

Trust: 1.7

url:https://support.apple.com/en-us/ht212875

Trust: 1.7

url:https://support.apple.com/en-us/ht212876

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-31008

Trust: 0.8

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-390741 // VULMON: CVE-2021-31008 // JVNDB: JVNDB-2021-021093 // CNNVD: CNNVD-202108-2121 // NVD: CVE-2021-31008

SOURCES

db:VULHUBid:VHN-390741
db:VULMONid:CVE-2021-31008
db:JVNDBid:JVNDB-2021-021093
db:CNNVDid:CNNVD-202108-2121
db:NVDid:CVE-2021-31008

LAST UPDATE DATE

2024-08-14T13:53:56.624000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-390741date:2023-01-09T00:00:00
db:VULMONid:CVE-2021-31008date:2021-08-24T00:00:00
db:JVNDBid:JVNDB-2021-021093date:2024-07-17T07:35:00
db:CNNVDid:CNNVD-202108-2121date:2022-06-01T00:00:00
db:NVDid:CVE-2021-31008date:2023-11-07T03:34:19.163

SOURCES RELEASE DATE

db:VULHUBid:VHN-390741date:2021-08-24T00:00:00
db:VULMONid:CVE-2021-31008date:2021-08-24T00:00:00
db:JVNDBid:JVNDB-2021-021093date:2024-07-17T00:00:00
db:CNNVDid:CNNVD-202108-2121date:2021-08-24T00:00:00
db:NVDid:CVE-2021-31008date:2021-08-24T19:15:24.807