cvelistv5 - cve-2021-30715

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/HT212528	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212529	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212530	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212532	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212533	Release Notes, Vendor Advisory

▼	Vendor	Product
	Apple	iOS and iPadOS
	Apple	macOS
	Apple	macOS
	Apple	macOS
	Apple	macOS

var-202109-1382

Vulnerability from variot

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple tvOS is a smart TV operating system developed by Apple (Apple). An input validation error vulnerability exists in tvOS due to insufficient validation of user-supplied input in the operating system's kernel subsystem. A remote attacker could exploit this vulnerability to send specially crafted messages to the system and cause a denial of service (DoS) attack. Affected products and versions: tvOS: 14.0 18J386, 14.0.1 18J400, 14.0.2 18J411, 14.2 18K57, 14.3 18K561, 14.4 18K802, 14.5 18L204. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2021-05-25-7 tvOS 14.6

tvOS 14.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212532.

Audio Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day Initiative

Audio Available for: Apple TV 4K and Apple TV HD Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro

CoreAudio Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30686: Mickey Jin of Trend Micro

Crash Reporter Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30727: Cees Elzinga

CVMS Available for: Apple TV 4K and Apple TV HD Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro

Heimdal Available for: Apple TV 4K and Apple TV HD Impact: A local user may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)

Heimdal Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: A memory corruption issue was addressed with improved state management. CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu Security

ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted ASTC file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30705: Ye Zhang of Baidu Security

Kernel Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation. CVE-2021-30740: Linus Henze (pinauten.de)

Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-30704: an anonymous researcher

Kernel Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted message may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)

Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2021-30736: Ian Beer of Google Project Zero

LaunchServices Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2021-30677: Ron Waisberg (@epsilan)

Security Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. CVE-2021-30737: xerub

WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30665: yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA

WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. CVE-2021-30744: Dan Hite of jsontop

WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-21779: Marcin Towalski of Cisco Talos

WebKit Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2021-30682: an anonymous researcher and 1lastBr3ath

WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2021-30689: an anonymous researcher

WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab, ASU. working with Trend Micro Zero Day Initiative CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative

WebKit Available for: Apple TV 4K and Apple TV HD Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A logic issue was addressed with improved restrictions. CVE-2021-30720: David Schütz (@xdavidhu)

WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: An integer overflow was addressed with improved input validation. CVE-2021-30663: an anonymous researcher

Additional recognition

ImageIO We would like to acknowledge Jzhu working with Trend Micro Zero Day Initiative and an anonymous researcher for their assistance.

WebKit We would like to acknowledge Chris Salls (@salls) of Makai Security for their assistance.

Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."

To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9MACgkQZcsbuWJ6 jjBzuhAAmXJik2L+PmRMzs6dd1QcCSwHYi0KLG0ERapHKJsFcm5+xpv87a4AFO4p 3E6+5w9wQSWVEsQG1PIvuyV3M81xuu8xY88tAD1ce1qGA4Dny4E7RU08Y0l43j/x d1RemCf0TjwYpvX34/GaOspxFQYnRo1gWsU1v7bieF8vMHZmUOlgiNep0UEG3Kuq 7IAAsfzWS43a+nkefSDWEujMNwbg1SZKua/+BXgZC7AOXdAHItqyNBFIerUc2uSf ReHLZ5BNBKw9OsL9qoJsiLCmwxKrpUTzpQahu2gybZf65nza6QPOTohqqWq79EOD mIqOW4SQ5mVSrzMh+GB9EovMY+l5YgyHwObTUjRW+4znLU7fqNXBgwzgWoIpJdF0 rpkjP3phOGXZWwiBhRmm5iYI08HFoBfF+EoPFN5Ucl7ZWz2uF0bQlbp3yqRoGRaO ZWY2LzPIdP5zSq7rqXDaVnNFuKF93J4ouZZwVMXA4yf5wmQ3silIeJlvxxphlet8 oXv2pkewq9A81RGMlgMDZMvawQvPGkOVgeBm1coajN1swNY8esW7N6J1+rtDL0mI sulaGZCeSM9ndg5VRU2lpClFdGEUZXT2hZ8NoMV6jj48c0gZBW3M82snGD4zeRqM dcezqg6o22ZxpogRJuRf41Y87ktE5o73wgj0xu72MQoxK86+Ek0= =BeQR -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1382",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.6"
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.5"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.4"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.6"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.6"
      },
      {
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-30715"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.15.6",
                "versionStartIncluding": "10.15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.4",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-30715"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "162825"
      },
      {
        "db": "PACKETSTORM",
        "id": "162827"
      }
    ],
    "trust": 0.2
  },
  "cve": "CVE-2021-30715",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-390448",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-30715",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-30715",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202105-1563",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-390448",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-30715",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390448"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30715"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30715"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1563"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple tvOS is a smart TV operating system developed by Apple (Apple). An input validation error vulnerability exists in tvOS due to insufficient validation of user-supplied input in the operating system\u0027s kernel subsystem. A remote attacker could exploit this vulnerability to send specially crafted messages to the system and cause a denial of service (DoS) attack. Affected products and versions: tvOS: 14.0 18J386, 14.0.1 18J400, 14.0.2 18J411, 14.2 18K57, 14.3 18K561, 14.4 18K802, 14.5 18L204. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-05-25-7 tvOS 14.6\n\ntvOS 14.6 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212532. \n\nAudio\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30707: hjy79425575 working with Trend Micro Zero Day\nInitiative\n\nAudio\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information\nDescription: This issue was addressed with improved checks. \nCVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro\n\nCoreAudio\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted audio file may disclose\nrestricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30686: Mickey Jin of Trend Micro\n\nCrash Reporter\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30727: Cees Elzinga\n\nCVMS\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A local attacker may be able to elevate  their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro\n\nHeimdal\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A local user may be able to leak sensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30697: Gabe Kirkpatrick (@gabe_k)\n\nHeimdal\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may cause a denial of service or\npotentially disclose memory contents\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30710: Gabe Kirkpatrick (@gabe_k)\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to disclosure\nof user information\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to disclosure\nof user information\nDescription: This issue was addressed with improved checks. \nCVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of\nBaidu Security\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted ASTC file may disclose\nmemory contents\nDescription: This issue was addressed with improved checks. \nCVE-2021-30705: Ye Zhang of Baidu Security\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30740: Linus Henze (pinauten.de)\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30704: an anonymous researcher\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted message may lead to a denial\nof service\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30715: The UK\u0027s National Cyber Security Centre (NCSC)\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2021-30736: Ian Beer of Google Project Zero\n\nLaunchServices\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2021-30677: Ron Waisberg (@epsilan)\n\nSecurity\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue in the ASN.1 decoder was\naddressed by removing the vulnerable code. \nCVE-2021-30737: xerub\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. Apple is aware of a report that this issue\nmay have been actively exploited. \nCVE-2021-30665: yangkang (@dnpushme)\u0026zerokeeper\u0026bianliang of 360 ATA\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A cross-origin issue with iframe elements was addressed\nwith improved tracking of security origins. \nCVE-2021-30744: Dan Hite of jsontop\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-21779: Marcin Towalski of Cisco Talos\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30682: an anonymous researcher and 1lastBr3ath\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30689: an anonymous researcher\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,\nASU. working with Trend Micro Zero Day Initiative\nCVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)\nworking with Trend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious website may be able to access restricted ports on\narbitrary servers\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30720: David Sch\u00fctz (@xdavidhu)\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. Apple is aware of a report that this issue\nmay have been actively exploited. \nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-30663: an anonymous researcher\n\nAdditional recognition\n\nImageIO\nWe would like to acknowledge Jzhu working with Trend Micro Zero Day\nInitiative and an anonymous researcher for their assistance. \n\nWebKit\nWe would like to acknowledge Chris Salls (@salls) of Makai Security\nfor their assistance. \n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9MACgkQZcsbuWJ6\njjBzuhAAmXJik2L+PmRMzs6dd1QcCSwHYi0KLG0ERapHKJsFcm5+xpv87a4AFO4p\n3E6+5w9wQSWVEsQG1PIvuyV3M81xuu8xY88tAD1ce1qGA4Dny4E7RU08Y0l43j/x\nd1RemCf0TjwYpvX34/GaOspxFQYnRo1gWsU1v7bieF8vMHZmUOlgiNep0UEG3Kuq\n7IAAsfzWS43a+nkefSDWEujMNwbg1SZKua/+BXgZC7AOXdAHItqyNBFIerUc2uSf\nReHLZ5BNBKw9OsL9qoJsiLCmwxKrpUTzpQahu2gybZf65nza6QPOTohqqWq79EOD\nmIqOW4SQ5mVSrzMh+GB9EovMY+l5YgyHwObTUjRW+4znLU7fqNXBgwzgWoIpJdF0\nrpkjP3phOGXZWwiBhRmm5iYI08HFoBfF+EoPFN5Ucl7ZWz2uF0bQlbp3yqRoGRaO\nZWY2LzPIdP5zSq7rqXDaVnNFuKF93J4ouZZwVMXA4yf5wmQ3silIeJlvxxphlet8\noXv2pkewq9A81RGMlgMDZMvawQvPGkOVgeBm1coajN1swNY8esW7N6J1+rtDL0mI\nsulaGZCeSM9ndg5VRU2lpClFdGEUZXT2hZ8NoMV6jj48c0gZBW3M82snGD4zeRqM\ndcezqg6o22ZxpogRJuRf41Y87ktE5o73wgj0xu72MQoxK86+Ek0=\n=BeQR\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-30715"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-390448"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30715"
      },
      {
        "db": "PACKETSTORM",
        "id": "162825"
      },
      {
        "db": "PACKETSTORM",
        "id": "162827"
      }
    ],
    "trust": 1.8
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-390448",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390448"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-30715",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "162825",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1563",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021052503",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1794",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "162827",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-390448",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30715",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390448"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30715"
      },
      {
        "db": "PACKETSTORM",
        "id": "162825"
      },
      {
        "db": "PACKETSTORM",
        "id": "162827"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30715"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1563"
      }
    ]
  },
  "id": "VAR-202109-1382",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390448"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:38:38.033000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple tvOS Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=151748"
      },
      {
        "title": "Apple: iOS 14.6 and iPadOS 14.6",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aebc753d2fbbe6784a52339b16fd5417"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-30715"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1563"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-30715"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212528"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212529"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212530"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212532"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212533"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30715"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-35513"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021052503"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1794"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162825/apple-security-advisory-2021-05-25-7.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30740"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30710"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30697"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30685"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30737"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30704"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30736"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30707"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30686"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30687"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30677"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30727"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30724"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30700"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30701"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht212528"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212532."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212533."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30681"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390448"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30715"
      },
      {
        "db": "PACKETSTORM",
        "id": "162825"
      },
      {
        "db": "PACKETSTORM",
        "id": "162827"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30715"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1563"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-390448"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30715"
      },
      {
        "db": "PACKETSTORM",
        "id": "162825"
      },
      {
        "db": "PACKETSTORM",
        "id": "162827"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30715"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1563"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390448"
      },
      {
        "date": "2021-09-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-30715"
      },
      {
        "date": "2021-05-26T17:50:13",
        "db": "PACKETSTORM",
        "id": "162825"
      },
      {
        "date": "2021-05-26T17:50:55",
        "db": "PACKETSTORM",
        "id": "162827"
      },
      {
        "date": "2021-09-08T15:15:15.997000",
        "db": "NVD",
        "id": "CVE-2021-30715"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-05-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202105-1563"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390448"
      },
      {
        "date": "2021-09-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-30715"
      },
      {
        "date": "2021-09-16T17:11:52.780000",
        "db": "NVD",
        "id": "CVE-2021-30715"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202105-1563"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1563"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Pillow Buffer error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

gsd-2021-30715

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service.

Aliases

CVE-2021-30715

Aliases

CVE-2021-30715

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-30715",
    "description": "A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service.",
    "id": "GSD-2021-30715"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-30715"
      ],
      "details": "A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service.",
      "id": "GSD-2021-30715",
      "modified": "2023-12-13T01:23:31.312558Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2021-30715",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS and iPadOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "14.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "11.4"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "2021"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "14.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "7.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Processing a maliciously crafted message may lead to a denial of service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT212528",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212528"
          },
          {
            "name": "https://support.apple.com/en-us/HT212529",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212529"
          },
          {
            "name": "https://support.apple.com/en-us/HT212532",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212532"
          },
          {
            "name": "https://support.apple.com/en-us/HT212533",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212533"
          },
          {
            "name": "https://support.apple.com/en-us/HT212530",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212530"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.15.6",
                "versionStartIncluding": "10.15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.4",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2021-30715"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212530",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212530"
            },
            {
              "name": "https://support.apple.com/en-us/HT212529",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212529"
            },
            {
              "name": "https://support.apple.com/en-us/HT212528",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212528"
            },
            {
              "name": "https://support.apple.com/en-us/HT212532",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212532"
            },
            {
              "name": "https://support.apple.com/en-us/HT212533",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212533"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-09-16T17:11Z",
      "publishedDate": "2021-09-08T15:15Z"
    }
  }
}

ghsa-frfj-xhqr-qppx

Vulnerability from github

Published

2022-05-24 19:13

Modified

2022-05-24 19:13

Details

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-30715"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-08T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service.",
  "id": "GHSA-frfj-xhqr-qppx",
  "modified": "2022-05-24T19:13:22Z",
  "published": "2022-05-24T19:13:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30715"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212528"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212529"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212530"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212532"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212533"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Action not permitted

cve-2021-30715

Vulnerability from cvelistv5

var-202109-1382

Vulnerability from variot

gsd-2021-30715

Vulnerability from gsd

ghsa-frfj-xhqr-qppx

Vulnerability from github

Tags