Details of VAR-202109-1344

ID

VAR-202109-1344

CVE

CVE-2021-30729

TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.6 and iPadOS 14.6. A device may accept invalid activation results. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple iPadOS is an operating system for iPad tablet computers developed by Apple. There is a code problem vulnerability in Apple iPadOS, which is caused by the login problem of the CommCenter component. A remote attacker could exploit this vulnerability to perform a DoS attack. The following products and versions are affected: iPados: 14.0 18A373, 14.0.1 18A393, 14.1 18A8395, 14.2 18b92, 14.2 18b111, 14.3 18C66, 14.4 18d52, 14.4.1 18d61, 14.4.2 18D70, 14E199, 14.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5

Trust: 1.62

sources: NVD: CVE-2021-30729 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390462 // VULMON: CVE-2021-30729

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	14.6	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	14.6	Trust: 1.0

sources: NVD: CVE-2021-30729

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-30729
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-1527
value:	HIGH
Trust: 0.6
VULHUB:	VHN-390462
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-30729
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-30729
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-390462
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-30729
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-390462 // VULMON: CVE-2021-30729 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1527 // NVD: CVE-2021-30729

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2021-30729

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1527

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Apple iPadOS Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151712	Trust: 0.6
title:	Apple: iOS 14.6 and iPadOS 14.6	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=aebc753d2fbbe6784a52339b16fd5417	Trust: 0.1

sources: VULMON: CVE-2021-30729 // CNNVD: CNNVD-202105-1527

EXTERNAL IDS

db:	NVD	id:	CVE-2021-30729	Trust: 1.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021052505	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-1527	Trust: 0.6
db:	VULHUB	id:	VHN-390462	Trust: 0.1
db:	VULMON	id:	CVE-2021-30729	Trust: 0.1

sources: VULHUB: VHN-390462 // VULMON: CVE-2021-30729 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1527 // NVD: CVE-2021-30729

REFERENCES

url:	https://support.apple.com/en-us/ht212528	Trust: 1.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-35513	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052505	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30729	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht212528	Trust: 0.1

sources: VULHUB: VHN-390462 // VULMON: CVE-2021-30729 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1527 // NVD: CVE-2021-30729

SOURCES

db:	VULHUB	id:	VHN-390462
db:	VULMON	id:	CVE-2021-30729
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-1527
db:	NVD	id:	CVE-2021-30729

LAST UPDATE DATE

2024-08-14T12:35:59.488000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-390462	date:	2023-01-09T00:00:00
db:	VULMON	id:	CVE-2021-30729	date:	2021-09-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-1527	date:	2021-09-15T00:00:00
db:	NVD	id:	CVE-2021-30729	date:	2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-390462	date:	2021-09-08T00:00:00
db:	VULMON	id:	CVE-2021-30729	date:	2021-09-08T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-1527	date:	2021-05-25T00:00:00
db:	NVD	id:	CVE-2021-30729	date:	2021-09-08T14:15:09.027