ID

VAR-202108-1255


CVE

CVE-2021-30940


TITLE

Classic buffer overflow vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2021-020999

DESCRIPTION

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may disclose memory contents. iPadOS , iOS , Apple Mac OS X Classic buffer overflow vulnerabilities exist in multiple Apple products.Information may be obtained. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none. Information about the security content is also available at https://support.apple.com/HT212979. Archive Utility Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30950: @gorelics Bluetooth Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: A logic issue was addressed with improved validation. CVE-2021-30931: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America Bluetooth Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation. CVE-2021-30935: an anonymous researcher ColorSync Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. CVE-2021-30942: Mateusz Jurczyk of Google Project Zero CoreAudio Available for: macOS Big Sur Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30959: JunDong Xie of Ant Security Light-Year Lab CVE-2021-30961: an anonymous researcher CVE-2021-30963: JunDong Xie of Ant Security Light-Year Lab CoreAudio Available for: macOS Big Sur Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab Crash Reporter Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Graphics Drivers Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30977: Jack Dates of RET2 Systems, Inc. Help Viewer Available for: macOS Big Sur Impact: Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk Description: A path handling issue was addressed with improved validation. CVE-2021-30969: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30981: Liu Long of Ant Security Light-Year Lab, an anonymous researcher IOUSBHostFamily Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or heap corruption Description: A race condition was addressed with improved locking. CVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero LaunchServices Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved validation. CVE-2021-30990: Ron Masas of BreakPoint.sh LaunchServices Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30976: chenyuwang (@mzzzz__) and Kirin (@Pwnrin) of Tencent Security Xuanwu Lab Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30973: Ye Zhang (@co0py_Cat) of Baidu Security Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30971: Ye Zhang (@co0py_Cat) of Baidu Security Preferences Available for: macOS Big Sur Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t) Sandbox Available for: macOS Big Sur Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security Sandbox Available for: macOS Big Sur Impact: An application may be able to access a user's files Description: An access issue was addressed with additional sandbox restrictions. CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security Sandbox Available for: macOS Big Sur Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved restrictions. CVE-2021-30946: @gorelics Script Editor Available for: macOS Big Sur Impact: A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions Description: This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. CVE-2021-30975: Ryan Pickren (ryanpickren.com) TCC Available for: macOS Big Sur Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics TCC Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2021-30970: Jonathan Bar Or of Microsoft TCC Available for: macOS Big Sur Impact: A malicious application may be able to cause a denial of service to Endpoint Security clients Description: A logic issue was addressed with improved state management. CVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security Wi-Fi Available for: macOS Big Sur Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: This issue was addressed with improved checks. CVE-2021-30938: Xinru Chi of Pangu Lab Additional recognition Admin Framework We would like to acknowledge Simon Andersen of Aarhus University and Pico Mitchell for their assistance. ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance. Contacts We would like to acknowledge Minchan Park (03stin) for their assistance. Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance. Model I/O We would like to acknowledge Rui Yang and Xingwei Lin of Ant Security Light-Year Lab for their assistance. Installation note: This update may be obtained from the Mac App Store Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UncACgkQeC9qKD1p rhi3ZA/+JN0mQCWghikUr8/kK9kNAz6FtHO3M5yvyXXQkArAQBmaTk5aaSpsEDi1 KrE+khCjp7N1eGTHrJ2L6q35X+2UEZZUGC/Uic7Dt/CKoQvkTyfGKCHMIhTxF6O8 JGRIz1+wKCXq8lADs29Q1rRg0TkfaIcbCiKI0YMNWgGWBVuXy5LBq/6EvZ2f8Vhe kvDB46D27C9xHgbCq+ihmVdE6iwAVfVYYOh22uP2lGkT6a1jKI6iifkPl/tuiiVy ZWRLWUJwa3HOdAzy511MSjdnj9RBsI4TYJa4QW+Urn8N4sf9wlrU+5Ng+Yfob4U7 n1G2g2V3o3CQpInl+L7CQN44oFYy9UMmuQGtWd3AqcUbTASuoYcV7P6Hz9X5Akwo buASJcsVBbsCCcFGu8OCygvM3ro44D7uG0vPy65BBTVxgiEyUtSuEE8Gti930zC0 FbBgIQk0W2rvBZiEh+stl/87XrIso18oW7k2D5gmkud6TWqK83JxS8Dmd8Rs1uGW Jc2f7enQyN3OQ2MqcU2aYPdV9+QoEq4Hn29xlct99Vq8lcSwp+rtrP7ZgF3MqVRB Dku4o5Xeh3JngTn1si+lk7X1xVX8DHPnV/k0ZUuCB6TJOLUkdye8ezoLpmkf6Nq/ Q5LC4KIwz9JVMON1ZArO58EMBJXKrA8doxHAxZBOBJxBJQqEltQ\x8afg -----END PGP SIGNATURE-----

Trust: 1.98

sources: NVD: CVE-2021-30940 // JVNDB: JVNDB-2021-020999 // VULHUB: VHN-390673 // VULMON: CVE-2021-30940 // PACKETSTORM: 165356 // PACKETSTORM: 165357

AFFECTED PRODUCTS

vendor:applemodel:ipadosscope:ltversion:15.2

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.1

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:15.2

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.6.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:アップルmodel:macosscope:eqversion:12.0 that's all 12.1

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion:11.0 that's all 11.6.2

Trust: 0.8

sources: JVNDB: JVNDB-2021-020999 // NVD: CVE-2021-30940

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30940
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-30940
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202108-2040
value: MEDIUM

Trust: 0.6

VULHUB: VHN-390673
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30940
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-390673
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30940
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-30940
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-390673 // JVNDB: JVNDB-2021-020999 // CNNVD: CNNVD-202108-2040 // NVD: CVE-2021-30940

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.1

problemtype:Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-390673 // JVNDB: JVNDB-2021-020999 // NVD: CVE-2021-30940

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-2040

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202108-2040

PATCH

title:HT212979 Apple  Security updateurl:https://support.apple.com/en-us/HT212976

Trust: 0.8

title:Apple macOS Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=176800

Trust: 0.6

sources: JVNDB: JVNDB-2021-020999 // CNNVD: CNNVD-202108-2040

EXTERNAL IDS

db:NVDid:CVE-2021-30940

Trust: 3.6

db:PACKETSTORMid:165356

Trust: 0.8

db:PACKETSTORMid:165357

Trust: 0.8

db:JVNDBid:JVNDB-2021-020999

Trust: 0.8

db:CS-HELPid:SB2021121432

Trust: 0.6

db:AUSCERTid:ESB-2021.4260

Trust: 0.6

db:CNNVDid:CNNVD-202108-2040

Trust: 0.6

db:VULHUBid:VHN-390673

Trust: 0.1

db:VULMONid:CVE-2021-30940

Trust: 0.1

sources: VULHUB: VHN-390673 // VULMON: CVE-2021-30940 // JVNDB: JVNDB-2021-020999 // PACKETSTORM: 165356 // PACKETSTORM: 165357 // CNNVD: CNNVD-202108-2040 // NVD: CVE-2021-30940

REFERENCES

url:https://support.apple.com/en-us/ht212976

Trust: 2.3

url:https://support.apple.com/en-us/ht212978

Trust: 1.7

url:https://support.apple.com/en-us/ht212979

Trust: 1.7

url:https://support.apple.com/en-us/ht212981

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30940

Trust: 1.0

url:https://www.cybersecurity-help.cz/vdb/sb2021121432

Trust: 0.6

url:https://packetstormsecurity.com/files/165357/apple-security-advisory-2021-12-15-4.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4260

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37064

Trust: 0.6

url:https://packetstormsecurity.com/files/165356/apple-security-advisory-2021-12-15-3.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-30961

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30958

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30969

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30938

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30935

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30927

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30945

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30939

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30950

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30941

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30963

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30965

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30973

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30931

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30959

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30971

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30937

Trust: 0.2

url:https://support.apple.com/kb/ht201222

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30968

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30949

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30767

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30929

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30942

Trust: 0.2

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.apple.com/ht212979.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30970

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30946

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30947

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30977

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30975

Trust: 0.1

url:https://support.apple.com/ht212981.

Trust: 0.1

sources: VULHUB: VHN-390673 // VULMON: CVE-2021-30940 // JVNDB: JVNDB-2021-020999 // PACKETSTORM: 165356 // PACKETSTORM: 165357 // CNNVD: CNNVD-202108-2040 // NVD: CVE-2021-30940

CREDITS

Apple

Trust: 0.2

sources: PACKETSTORM: 165356 // PACKETSTORM: 165357

SOURCES

db:VULHUBid:VHN-390673
db:VULMONid:CVE-2021-30940
db:JVNDBid:JVNDB-2021-020999
db:PACKETSTORMid:165356
db:PACKETSTORMid:165357
db:CNNVDid:CNNVD-202108-2040
db:NVDid:CVE-2021-30940

LAST UPDATE DATE

2024-08-14T13:11:00.609000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-390673date:2022-01-03T00:00:00
db:VULMONid:CVE-2021-30940date:2021-08-24T00:00:00
db:JVNDBid:JVNDB-2021-020999date:2024-07-17T02:23:00
db:CNNVDid:CNNVD-202108-2040date:2022-12-09T00:00:00
db:NVDid:CVE-2021-30940date:2023-11-07T03:33:57.817

SOURCES RELEASE DATE

db:VULHUBid:VHN-390673date:2021-08-24T00:00:00
db:VULMONid:CVE-2021-30940date:2021-08-24T00:00:00
db:JVNDBid:JVNDB-2021-020999date:2024-07-17T00:00:00
db:PACKETSTORMid:165356date:2021-12-17T19:19:33
db:PACKETSTORMid:165357date:2021-12-17T19:19:44
db:CNNVDid:CNNVD-202108-2040date:2021-08-24T00:00:00
db:NVDid:CVE-2021-30940date:2021-08-24T19:15:21.137