Vulnerability Details : CVE-2021-30851
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution.
Vulnerability category: Memory Corruption
Products affected by CVE-2021-30851
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:12.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-30851
0.83%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-30851
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2021-30851
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-30851
-
https://support.apple.com/kb/HT212869
About the security content of macOS Monterey 12.0.1 - Apple SupportVendor Advisory
-
https://support.apple.com/en-us/HT212814
About the security content of iOS 15 and iPadOS 15 - Apple SupportVendor Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/
[SECURITY] Fedora 33 Update: webkit2gtk3-2.34.1-1.fc33 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/
[SECURITY] Fedora 34 Update: webkit2gtk3-2.34.1-1.fc34 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2021/10/31/1
oss-security - Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006Mailing List;Third Party Advisory
-
https://www.debian.org/security/2021/dsa-4996
Debian -- Security Information -- DSA-4996-1 wpewebkitThird Party Advisory
-
https://www.debian.org/security/2021/dsa-4995
Debian -- Security Information -- DSA-4995-1 webkit2gtkThird Party Advisory
-
https://support.apple.com/en-us/HT212816
About the security content of Safari 15 - Apple SupportVendor Advisory
-
https://support.apple.com/en-us/HT212819
About the security content of watchOS 8 - Apple SupportVendor Advisory
-
https://support.apple.com/en-us/HT212815
About the security content of tvOS 15 - Apple SupportVendor Advisory
Jump to