ID

VAR-202109-1364


CVE

CVE-2021-30753


TITLE

Apple Buffer error vulnerabilities in multiple products

Trust: 0.6

sources: CNNVD: CNNVD-202109-386

DESCRIPTION

Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An out-of-bounds read was addressed with improved input validation

Trust: 1.08

sources: NVD: CVE-2021-30753 // VULHUB: VHN-390486 // VULMON: CVE-2021-30753

AFFECTED PRODUCTS

vendor:applemodel:tvosscope:ltversion:14.6

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:7.5

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:14.6

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.4

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:14.6

Trust: 1.0

sources: NVD: CVE-2021-30753

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30753
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202109-386
value: MEDIUM

Trust: 0.6

VULHUB: VHN-390486
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-30753
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30753
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-390486
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30753
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-390486 // VULMON: CVE-2021-30753 // CNNVD: CNNVD-202109-386 // NVD: CVE-2021-30753

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

sources: VULHUB: VHN-390486 // NVD: CVE-2021-30753

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202109-386

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202109-386

PATCH

title:Apple Repair measures for buffer errors and vulnerabilities in many productsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=162752

Trust: 0.6

sources: CNNVD: CNNVD-202109-386

EXTERNAL IDS

db:NVDid:CVE-2021-30753

Trust: 1.8

db:CNNVDid:CNNVD-202109-386

Trust: 0.6

db:VULHUBid:VHN-390486

Trust: 0.1

db:VULMONid:CVE-2021-30753

Trust: 0.1

sources: VULHUB: VHN-390486 // VULMON: CVE-2021-30753 // CNNVD: CNNVD-202109-386 // NVD: CVE-2021-30753

REFERENCES

url:https://support.apple.com/en-us/ht212528

Trust: 1.8

url:https://support.apple.com/en-us/ht212529

Trust: 1.8

url:https://support.apple.com/en-us/ht212532

Trust: 1.8

url:https://support.apple.com/en-us/ht212533

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-30753

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-390486 // VULMON: CVE-2021-30753 // CNNVD: CNNVD-202109-386 // NVD: CVE-2021-30753

SOURCES

db:VULHUBid:VHN-390486
db:VULMONid:CVE-2021-30753
db:CNNVDid:CNNVD-202109-386
db:NVDid:CVE-2021-30753

LAST UPDATE DATE

2024-08-14T14:03:04.302000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-390486date:2023-01-09T00:00:00
db:VULMONid:CVE-2021-30753date:2023-01-09T00:00:00
db:CNNVDid:CNNVD-202109-386date:2021-09-16T00:00:00
db:NVDid:CVE-2021-30753date:2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db:VULHUBid:VHN-390486date:2021-09-08T00:00:00
db:VULMONid:CVE-2021-30753date:2021-09-08T00:00:00
db:CNNVDid:CNNVD-202109-386date:2021-09-08T00:00:00
db:NVDid:CVE-2021-30753date:2021-09-08T14:15:09.937