CVE-2021-30663

Description

An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.

Related CPE's

a apple macos ********

a apple safari ********

o apple ipados ********

o apple iphone_os ********

o apple tvos ********

References

https://support.apple.com/en-us/HT212341

Vendor Advisory

https://support.apple.com/en-us/HT212534

Vendor Advisory

https://support.apple.com/en-us/HT212336

Vendor Advisory

https://support.apple.com/en-us/HT212532

Vendor Advisory

https://support.apple.com/en-us/HT212335

Vendor Advisory

CvssV3 impact

BaseSeverity	HIGH
ConfidentialityImpact	HIGH
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	NETWORK
AvailabilityImpact	HIGH
IntegrityImpact	HIGH
PrivilegesRequired	NONE
BaseScore	8.8
VectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version	3.1
UserInteraction	REQUIRED

CvssV2 impact

AccessComplexity	MEDIUM
ConfidentialityImpact	PARTIAL
AvailabilityImpact	PARTIAL
IntegrityImpact	PARTIAL
BaseScore	6.8
VectorString	AV:N/AC:M/Au:N/C:P/I:P/A:P
Version	2.0
AccessVector	NETWORK
Authentication	NONE

Created by Yello

About Severity.io