Vulnerability Details : CVE-2021-30663
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.
Vulnerability category: Overflow
Products affected by CVE-2021-30663
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
CVE-2021-30663 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Apple Multiple Products WebKit Integer Overflow Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products whi
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-30663
Added on: 2021-11-03
Action due date: 2021-11-17
Exploit prediction scoring system (EPSS) score for CVE-2021-30663
EPSS score: 0.22% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~41% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-30663
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-03 |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2021-30663
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2021-30663
- https://support.apple.com/en-us/HT212532
  About the security content of tvOS 14.6 - Apple Support (Vendor Advisory)
- https://support.apple.com/en-us/HT212534
  About the security content of Safari 14.1.1 - Apple Support (Vendor Advisory)
- https://support.apple.com/en-us/HT212336
  About the security content of iOS 14.5.1 and iPadOS 14.5.1 - Apple Support (Vendor Advisory)
- https://support.apple.com/en-us/HT212335
  About the security content of macOS Big Sur 11.3.1 - Apple Support (Vendor Advisory)
- https://support.apple.com/en-us/HT212341
  About the security content of iOS 12.5.3 - Apple Support (Vendor Advisory)