Details of VAR-202108-2172

ID

VAR-202108-2172

CVE

CVE-2021-30858

TITLE

Apple macOS Big Sur Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202108-1951

DESCRIPTION

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-09-23-1 iOS 12.5.5 iOS 12.5.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212824. CoreGraphics Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Description: An integer overflow was addressed with improved input validation. CVE-2021-30860: The Citizen Lab WebKit Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-30858: an anonymous researcher XNU Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges. CVE-2021-30869: Erye Hernandez of Google Threat Analysis Group, Clément Lecigne of Google Threat Analysis Group, and Ian Beer of Google Project Zero Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About * The version after applying this update will be "12.5.5" Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFMwTMACgkQeC9qKD1p rhgcXBAAyiXSTr7W8qmZJBjvLtLCHgFktFKHCjlufFKhQprFBUTWFgvYbqKLBg5w WHR9AqL+QUDtyybsf/STlITmcy7FtOlr1Ru/B9tVR/BKAS/8e2ngOVKcY2ska7Pb SuPsiyc9UI1VdxDZBkVfbTbDj3YMKOrK1ORK4UMDISU6bAbwMqFpriV9vCijk2Xh F7PFFlt9NwknUcuEEm7wT//hyLgZFx6mefFxTuBqKaHbHgCoAB6SJrCCHP2kU9rY +6IVq0xLEzEG5NNw/rQ/Xq0HVoNQiprQSCsSlwSgvuj/F9IdIcT+n0rdevK5wpIJ wlvKq0WG0Zumeq/vkpKtfB07nlsHmMOGldyRlGKd6xKcX3hM5Z3uFAvHQl6GByFx ALTfA7xcHKCNH6TBaAeAJIFOzDLDYghp4vsIEgnj1cZwc8IVQ0bAAgRgoQOXgwic 2IS9la1JmxG8/AzAWp9rSRMdQG8AvSaJFCS8sLjaprwC4d6MVESkJiJwEodx/x/g 6x4U1mP31UJARdlGDW3IZL7vbVr06Tv4fsF6sVxrtoDL8nDYp+bD0Qz67J9M0thx 08Ua7+lBw/sXIRhZMLJL5yxSQUPUBUIbWtWzZneDZWripUnL3WV3+mph68N6KnDz ORv11TKhITXpDkKV9VhMnBBAGw9oipBapqhNup6dYwpdPp4+M5g= =mQdQ -----END PGP SIGNATURE----- . 8) - aarch64, ppc64le, s390x, x86_64 3. Bug Fix(es): * WebProcess::initializeWebProcess crashing on aarch64 (BZ#2010825) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: webkitgtk4 security update Advisory ID: RHSA-2022:0059-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0059 Issue date: 2022-01-11 CVE Names: CVE-2021-30858 ==================================================================== 1. Summary: An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch 3. Description: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30858) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: webkitgtk4-2.28.2-3.el7.src.rpm x86_64: webkitgtk4-2.28.2-3.el7.i686.rpm webkitgtk4-2.28.2-3.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-3.el7.i686.rpm webkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-3.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm webkitgtk4-devel-2.28.2-3.el7.i686.rpm webkitgtk4-devel-2.28.2-3.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: webkitgtk4-2.28.2-3.el7.src.rpm x86_64: webkitgtk4-2.28.2-3.el7.i686.rpm webkitgtk4-2.28.2-3.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-3.el7.i686.rpm webkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-3.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm webkitgtk4-devel-2.28.2-3.el7.i686.rpm webkitgtk4-devel-2.28.2-3.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: webkitgtk4-2.28.2-3.el7.src.rpm ppc64: webkitgtk4-2.28.2-3.el7.ppc.rpm webkitgtk4-2.28.2-3.el7.ppc64.rpm webkitgtk4-debuginfo-2.28.2-3.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-3.el7.ppc64.rpm webkitgtk4-jsc-2.28.2-3.el7.ppc.rpm webkitgtk4-jsc-2.28.2-3.el7.ppc64.rpm ppc64le: webkitgtk4-2.28.2-3.el7.ppc64le.rpm webkitgtk4-debuginfo-2.28.2-3.el7.ppc64le.rpm webkitgtk4-devel-2.28.2-3.el7.ppc64le.rpm webkitgtk4-jsc-2.28.2-3.el7.ppc64le.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.ppc64le.rpm s390x: webkitgtk4-2.28.2-3.el7.s390.rpm webkitgtk4-2.28.2-3.el7.s390x.rpm webkitgtk4-debuginfo-2.28.2-3.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-3.el7.s390x.rpm webkitgtk4-jsc-2.28.2-3.el7.s390.rpm webkitgtk4-jsc-2.28.2-3.el7.s390x.rpm x86_64: webkitgtk4-2.28.2-3.el7.i686.rpm webkitgtk4-2.28.2-3.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm webkitgtk4-devel-2.28.2-3.el7.i686.rpm webkitgtk4-devel-2.28.2-3.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-3.el7.i686.rpm webkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-3.el7.noarch.rpm ppc64: webkitgtk4-debuginfo-2.28.2-3.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-3.el7.ppc64.rpm webkitgtk4-devel-2.28.2-3.el7.ppc.rpm webkitgtk4-devel-2.28.2-3.el7.ppc64.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.ppc.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.ppc64.rpm s390x: webkitgtk4-debuginfo-2.28.2-3.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-3.el7.s390x.rpm webkitgtk4-devel-2.28.2-3.el7.s390.rpm webkitgtk4-devel-2.28.2-3.el7.s390x.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.s390.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: webkitgtk4-2.28.2-3.el7.src.rpm x86_64: webkitgtk4-2.28.2-3.el7.i686.rpm webkitgtk4-2.28.2-3.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm webkitgtk4-devel-2.28.2-3.el7.i686.rpm webkitgtk4-devel-2.28.2-3.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-3.el7.i686.rpm webkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-3.el7.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-30858 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYd37ddzjgjWX9erEAQjIBw//X0CWLozcqp62pyxvvZD/fpR7OK8ux/kO jIhtCKZdBwK8SaLcLRvFrNvOb/qY3AZa/XbPQjzaKztuWplxDU2LZBz74mngWEW0 r43dWUacOBZq0mbNek5WiInippBLDVDlDzg8X6qwTpH6Z9EqY6EtX9ZzrXtwOthI alOkbYIVJg/4Wkrp8gXyupgT934OyEQfZkrR1SUbxlhKjdfFx7vgeqz3+G7odT75 90MTCo0Vo6XgDOS7j5xjrwQU05vtgvRJH8/OMauSyAzYQ+qPvwJP76CGC7SphGhR LzUWlk5MaCiAGalb9FFK8A4cx8dUv0VAVOP74IZs6IUjpjz4FzSmpnAfZk1xLgyQ SJ7NS1pH2zED20eo5qgSMDvfsPw9igD0DwN29cyPi9IVbLIFjdB4+42yCK6WKOyu l31tVQBHQAbOf7ArUQQdoA7pEGzibEdy3brUbQu4Bv4LCMB2zJpLOFxTzEdp0xyz RYAxA+A8+1brMlvGh8v4wmfAxTvWXuecCnG/ilyXOq1FFQq86CBmj9Da9jLB1VuP S9xKEazAcAdrxivE53wQfUt7HurjJgtjTvUCtDPCiNYZ3617vgd29ep0PtN2EAIe ADXxd0twQIQA84Cjx5TGJgrWoU/dNLFvJFQ72Wkk5Qc0R2ZEnvBYN8ylDPTDLW0s SM2WAjGpY2M=kSrx -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4 Description ========== Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details. Impact ===== An attacker, by enticing a user to visit maliciously crafted web content, may be able to execute arbitrary code, violate iframe sandboxing policy, access restricted ports on arbitrary servers, cause memory corruption, or could cause a Denial of Service condition. Workaround ========= There is no known workaround at this time. Resolution ========= All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4" References ========= [ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202202-01 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . For the oldstable distribution (buster), this problem has been fixed in version 2.32.4-1~deb10u1. For the stable distribution (bullseye), this problem has been fixed in version 2.32.4-1~deb11u1. We recommend that you upgrade your webkit2gtk packages

Trust: 1.8

sources: NVD: CVE-2021-30858 // VULHUB: VHN-390591 // VULMON: CVE-2021-30858 // PACKETSTORM: 164201 // PACKETSTORM: 164196 // PACKETSTORM: 164277 // PACKETSTORM: 164748 // PACKETSTORM: 165517 // PACKETSTORM: 165794 // PACKETSTORM: 169117 // PACKETSTORM: 169119

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	12.5.5	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	14.8	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	14.8	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	apple	model:	ipados	scope:	gte	version:	13.1	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.6	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	33	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	gte	version:	13.0	Trust: 1.0

sources: NVD: CVE-2021-30858

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-30858
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202108-1951
value:	HIGH
Trust: 0.6
VULHUB:	VHN-390591
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-30858
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	TRUE
version:	2.0
Trust: 1.0
VULHUB:	VHN-390591
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULMON:	CVE-2021-30858
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-390591 // VULMON: CVE-2021-30858 // CNNVD: CNNVD-202108-1951 // NVD: CVE-2021-30858

PROBLEMTYPE DATA

problemtype:

CWE-416

Trust: 1.1

sources: VULHUB: VHN-390591 // NVD: CVE-2021-30858

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1951

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202108-1951

CONFIGURATIONS

sources: NVD: CVE-2021-30858

PATCH

title:	Apple macOS Big Sur Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=162838	Trust: 0.6
title:	Debian Security Advisories: DSA-4975-1 webkit2gtk -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5db54186925e9bf1d208a2b11e299b67	Trust: 0.1
title:	Debian Security Advisories: DSA-4976-1 wpewebkit -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5da73458bc4c1bfc6b9037e64c70793c	Trust: 0.1
title:	Red Hat: CVE-2021-30858	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2021-30858	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1747	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=alas2-2022-1747	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=cve-2021-30858 log	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-015	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=alas2022-2022-015	Trust: 0.1
title:	CVE-202130858 (Intended for testing on an Apple iOS device or a Sony Playstation 4 of any flavor)	url:	https://github.com/fitterminator/cve-202130858	Trust: 0.1
title:	CVEREV3	url:	https://github.com/kameleonreloaded/cverev3	Trust: 0.1
title:	CVE-202130858 (Intended for testing on an Apple iOS device or a Sony Playstation 4 of any flavor)	url:	https://github.com/fitterminator/ps4-cve-202130858	Trust: 0.1
title:	PS4CVE202130858	url:	https://github.com/nazky/ps4cve202130858	Trust: 0.1
title:	https://github.com/ChendoChap/PS5-Webkit-Execution	url:	https://github.com/chendochap/ps5-webkit-execution	Trust: 0.1
title:	NIST Bulk CVE Lookup by Jay Chen Sample output	url:	https://github.com/jaychen2/nist-bulk-cve-lookup	Trust: 0.1
title:	Known Exploited Vulnerabilities Detector	url:	https://github.com/ostorlab/kev	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/apple-patches-zero-days-attack/174988/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2021/09/13/apple_ios_macos_security_fixes/	Trust: 0.1

sources: VULMON: CVE-2021-30858 // CNNVD: CNNVD-202108-1951

EXTERNAL IDS

db:	NVD	id:	CVE-2021-30858	Trust: 2.6
db:	OPENWALL	id:	OSS-SECURITY/2021/09/20/1	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2021/10/27/4	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2021/10/27/2	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2021/10/26/9	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2021/10/27/1	Trust: 1.8
db:	PACKETSTORM	id:	164748	Trust: 0.8
db:	PACKETSTORM	id:	165524	Trust: 0.7
db:	PACKETSTORM	id:	164982	Trust: 0.7
db:	PACKETSTORM	id:	164201	Trust: 0.7
db:	PACKETSTORM	id:	164277	Trust: 0.7
db:	CS-HELP	id:	SB2021092018	Trust: 0.6
db:	CS-HELP	id:	SB2022011153	Trust: 0.6
db:	CS-HELP	id:	SB2021111716	Trust: 0.6
db:	CS-HELP	id:	SB2021092803	Trust: 0.6
db:	CS-HELP	id:	SB2022011401	Trust: 0.6
db:	CS-HELP	id:	SB2021091322	Trust: 0.6
db:	CS-HELP	id:	SB2021092317	Trust: 0.6
db:	CS-HELP	id:	SB2021110314	Trust: 0.6
db:	CS-HELP	id:	SB2021100415	Trust: 0.6
db:	PACKETSTORM	id:	164242	Trust: 0.6
db:	PACKETSTORM	id:	164262	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3103	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3333	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3161	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3400	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3654	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3212	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0100	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3914	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3198	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0382	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-1951	Trust: 0.6
db:	PACKETSTORM	id:	165517	Trust: 0.2
db:	VULHUB	id:	VHN-390591	Trust: 0.1
db:	VULMON	id:	CVE-2021-30858	Trust: 0.1
db:	PACKETSTORM	id:	164196	Trust: 0.1
db:	PACKETSTORM	id:	165794	Trust: 0.1
db:	PACKETSTORM	id:	169117	Trust: 0.1
db:	PACKETSTORM	id:	169119	Trust: 0.1

sources: VULHUB: VHN-390591 // VULMON: CVE-2021-30858 // PACKETSTORM: 164201 // PACKETSTORM: 164196 // PACKETSTORM: 164277 // PACKETSTORM: 164748 // PACKETSTORM: 165517 // PACKETSTORM: 165794 // PACKETSTORM: 169117 // PACKETSTORM: 169119 // CNNVD: CNNVD-202108-1951 // NVD: CVE-2021-30858

REFERENCES

url:	https://support.apple.com/en-us/ht212804	Trust: 2.4
url:	https://www.debian.org/security/2021/dsa-4975	Trust: 1.9
url:	https://support.apple.com/en-us/ht212807	Trust: 1.9
url:	https://support.apple.com/kb/ht212824	Trust: 1.8
url:	https://www.debian.org/security/2021/dsa-4976	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2021/sep/25	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2021/sep/27	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2021/sep/29	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2021/sep/38	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2021/sep/39	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2021/sep/50	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2021/09/20/1	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2021/10/26/9	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2021/10/27/1	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2021/10/27/2	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2021/10/27/4	Trust: 1.8
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bo6dmthzr57jdboxpsnr2mkdmcrwv265/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xynv7ask4lqvaumjxnxbs3z7rvdq2n3w/	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30858	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2021-30858	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bo6dmthzr57jdboxpsnr2mkdmcrwv265/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xynv7ask4lqvaumjxnxbs3z7rvdq2n3w/	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/esb-2022.0100	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0382	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021111716	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021091322	Trust: 0.6
url:	https://vigilance.fr/vulnerability/webkitgtk-wpe-webkit-multiple-vulnerabilities-36750	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022011401	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3198	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3654	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-two-vulnerabilities-36384	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092803	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3212	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3333	Trust: 0.6
url:	https://packetstormsecurity.com/files/164242/apple-security-advisory-2021-09-20-6.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/164262/ubuntu-security-notice-usn-5087-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/164277/apple-security-advisory-2021-09-23-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/164982/red-hat-security-advisory-2021-4686-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3914	Trust: 0.6
url:	https://packetstormsecurity.com/files/164201/apple-security-advisory-2021-09-13-5.html	Trust: 0.6
url:	https://support.apple.com/en-us/ht212824	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021110314	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092317	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092018	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021100415	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3103	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3400	Trust: 0.6
url:	https://packetstormsecurity.com/files/164748/red-hat-security-advisory-2021-4097-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022011153	Trust: 0.6
url:	https://packetstormsecurity.com/files/165524/red-hat-security-advisory-2022-0075-03.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3161	Trust: 0.6
url:	https://support.apple.com/kb/ht201222	Trust: 0.3
url:	https://www.apple.com/support/security/pgp/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30860	Trust: 0.2
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://www.debian.org/security/faq	Trust: 0.2
url:	https://www.debian.org/security/	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/416.html	Trust: 0.1
url:	https://github.com/fitterminator/cve-202130858	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://alas.aws.amazon.com/al2/alas-2022-1747.html	Trust: 0.1
url:	https://support.apple.com/ht212808.	Trust: 0.1
url:	https://support.apple.com/ht212804.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30869	Trust: 0.1
url:	https://www.apple.com/itunes/	Trust: 0.1
url:	https://support.apple.com/ht212824.	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:4097	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0059	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1844	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30984	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30744	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30849	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30953	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1820	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30851	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30952	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30887	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30762	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30846	Trust: 0.1
url:	https://webkitgtk.org/security/wsa-2021-0005.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30884	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30682	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30897	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30936	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30663	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30954	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30890	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1817	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-42762	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30758	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30799	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30818	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21779	Trust: 0.1
url:	https://security.gentoo.org/glsa/202202-01	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45482	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1871	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30665	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30809	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30795	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1825	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30661	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30666	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30734	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30797	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21775	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1826	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30749	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30689	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30951	Trust: 0.1
url:	https://webkitgtk.org/security/wsa-2021-0004.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30889	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30823	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30761	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30888	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30934	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30720	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30848	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1788	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://webkitgtk.org/security/wsa-2021-0006.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21806	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30836	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/wpewebkit	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/webkit2gtk	Trust: 0.1

CREDITS

Apple

Trust: 0.3

sources: PACKETSTORM: 164201 // PACKETSTORM: 164196 // PACKETSTORM: 164277

SOURCES

db:	VULHUB	id:	VHN-390591
db:	VULMON	id:	CVE-2021-30858
db:	PACKETSTORM	id:	164201
db:	PACKETSTORM	id:	164196
db:	PACKETSTORM	id:	164277
db:	PACKETSTORM	id:	164748
db:	PACKETSTORM	id:	165517
db:	PACKETSTORM	id:	165794
db:	PACKETSTORM	id:	169117
db:	PACKETSTORM	id:	169119
db:	CNNVD	id:	CNNVD-202108-1951
db:	NVD	id:	CVE-2021-30858

LAST UPDATE DATE

2024-05-19T20:57:14.174000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-390591	date:	2021-12-03T00:00:00
db:	VULMON	id:	CVE-2021-30858	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-202108-1951	date:	2022-01-28T00:00:00
db:	NVD	id:	CVE-2021-30858	date:	2023-11-07T03:33:33.730

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-390591	date:	2021-08-24T00:00:00
db:	VULMON	id:	CVE-2021-30858	date:	2021-08-24T00:00:00
db:	PACKETSTORM	id:	164201	date:	2021-09-20T16:03:26
db:	PACKETSTORM	id:	164196	date:	2021-09-19T14:22:22
db:	PACKETSTORM	id:	164277	date:	2021-09-24T15:40:03
db:	PACKETSTORM	id:	164748	date:	2021-11-02T15:42:50
db:	PACKETSTORM	id:	165517	date:	2022-01-12T15:37:03
db:	PACKETSTORM	id:	165794	date:	2022-02-01T17:03:05
db:	PACKETSTORM	id:	169117	date:	2021-09-28T19:12:00
db:	PACKETSTORM	id:	169119	date:	2021-09-28T19:12:00
db:	CNNVD	id:	CNNVD-202108-1951	date:	2021-08-24T00:00:00
db:	NVD	id:	CVE-2021-30858	date:	2021-08-24T19:15:14.253