ID

VAR-202109-1358


CVE

CVE-2021-30746


TITLE

macOS  Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013520

DESCRIPTION

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the ModelIO framework. Crafted data in a USD file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. A buffer error vulnerability exists in the Model IO component of Apple MacOS, which originates from a boundary condition of the Model IO subsystem. The following products and models are affected: MacOS 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57, 10.15.3 19D76, 10.15.4 19E266, 10.15.4 5, 159E287, 10.19.15 19F101, 10.15.6 19G73, 10.15.6 19G2021, 10.15.7 19H2

Trust: 2.97

sources: NVD: CVE-2021-30746 // JVNDB: JVNDB-2021-013520 // ZDI: ZDI-21-791 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390479 // VULMON: CVE-2021-30746

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.15.2

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:14.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.2

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.1

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:14.6

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.5

Trust: 1.0

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:applemodel:macosscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-791 // JVNDB: JVNDB-2021-013520 // NVD: CVE-2021-30746

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30746
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-30746
value: MEDIUM

Trust: 0.8

ZDI: CVE-2021-30746
value: LOW

Trust: 0.7

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-1539
value: MEDIUM

Trust: 0.6

VULHUB: VHN-390479
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30746
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-390479
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30746
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-30746
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2021-30746
baseSeverity: LOW
baseScore: 3.3
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-791 // VULHUB: VHN-390479 // JVNDB: JVNDB-2021-013520 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1539 // NVD: CVE-2021-30746

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:Out-of-bounds read (CWE-125) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-390479 // JVNDB: JVNDB-2021-013520 // NVD: CVE-2021-30746

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-1539

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:HT212530 Apple  Security updateurl:https://support.apple.com/en-us/HT212528

Trust: 0.8

title:Apple has issued an update to correct this vulnerability.url:https://support.apple.com/HT212529

Trust: 0.7

title:Apple macOS Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151724

Trust: 0.6

title:Apple: iOS 14.6 and iPadOS 14.6url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=aebc753d2fbbe6784a52339b16fd5417

Trust: 0.1

sources: ZDI: ZDI-21-791 // VULMON: CVE-2021-30746 // JVNDB: JVNDB-2021-013520 // CNNVD: CNNVD-202105-1539

EXTERNAL IDS

db:NVDid:CVE-2021-30746

Trust: 4.1

db:ZDIid:ZDI-21-791

Trust: 1.4

db:JVNDBid:JVNDB-2021-013520

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-13386

Trust: 0.7

db:CNNVDid:CNNVD-202105-1539

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:AUSCERTid:ESB-2021.1794

Trust: 0.6

db:CS-HELPid:SB2021052502

Trust: 0.6

db:VULHUBid:VHN-390479

Trust: 0.1

db:VULMONid:CVE-2021-30746

Trust: 0.1

sources: ZDI: ZDI-21-791 // VULHUB: VHN-390479 // VULMON: CVE-2021-30746 // JVNDB: JVNDB-2021-013520 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1539 // NVD: CVE-2021-30746

REFERENCES

url:https://support.apple.com/en-us/ht212528

Trust: 1.7

url:https://support.apple.com/en-us/ht212529

Trust: 1.7

url:https://support.apple.com/en-us/ht212530

Trust: 1.7

url:https://support.apple.com/en-us/ht212531

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30746

Trust: 1.4

url:https://support.apple.com/ht212529

Trust: 0.7

url:https://www.zerodayinitiative.com/advisories/zdi-21-791/

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-35513

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1794

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052502

Trust: 0.6

url:https://support.apple.com/kb/ht212528

Trust: 0.1

sources: ZDI: ZDI-21-791 // VULHUB: VHN-390479 // VULMON: CVE-2021-30746 // JVNDB: JVNDB-2021-013520 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1539 // NVD: CVE-2021-30746

CREDITS

Mickey Jin (@patch1t) of Trend Micro

Trust: 1.3

sources: ZDI: ZDI-21-791 // CNNVD: CNNVD-202105-1539

SOURCES

db:ZDIid:ZDI-21-791
db:VULHUBid:VHN-390479
db:VULMONid:CVE-2021-30746
db:JVNDBid:JVNDB-2021-013520
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202105-1539
db:NVDid:CVE-2021-30746

LAST UPDATE DATE

2024-08-14T12:59:00.665000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-791date:2021-07-13T00:00:00
db:VULHUBid:VHN-390479date:2023-01-09T00:00:00
db:JVNDBid:JVNDB-2021-013520date:2022-09-14T09:33:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202105-1539date:2021-09-16T00:00:00
db:NVDid:CVE-2021-30746date:2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-791date:2021-07-13T00:00:00
db:VULHUBid:VHN-390479date:2021-09-08T00:00:00
db:JVNDBid:JVNDB-2021-013520date:2022-09-14T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202105-1539date:2021-05-25T00:00:00
db:NVDid:CVE-2021-30746date:2021-09-08T14:15:09.680