var-202109-1354
Vulnerability from variot
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple iPadOS is an operating system for iPad tablet computers developed by Apple. A resource management error vulnerability exists in Apple iPadOS. The vulnerability stems from a use-after-free in the Mail component when processing email messages. A remote attacker could exploit this vulnerability to execute arbitrary code. The following products and versions are affected: iPados: 14.0 18A373, 14.0.1 18A393, 14.1 18A8395, 14.2 18b92, 14.2 18b111, 14.3 18C66, 14.4 18d52, 14.4.1 18d61, 14.4.2 18D70, 14E199, 14.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1354", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ipados", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "14.6" }, { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "14.6" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-30741" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.6", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-30741" } ] }, "cve": "CVE-2021-30741", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-390474", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2021-30741", "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-30741", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202105-1522", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-390474", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-30741", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-390474" }, { "db": "VULMON", "id": "CVE-2021-30741" }, { "db": "NVD", "id": "CVE-2021-30741" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202105-1522" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple iPadOS is an operating system for iPad tablet computers developed by Apple. A resource management error vulnerability exists in Apple iPadOS. The vulnerability stems from a use-after-free in the Mail component when processing email messages. A remote attacker could exploit this vulnerability to execute arbitrary code. The following products and versions are affected: iPados: 14.0 18A373, 14.0.1 18A393, 14.1 18A8395, 14.2 18b92, 14.2 18b111, 14.3 18C66, 14.4 18d52, 14.4.1 18d61, 14.4.2 18D70, 14E199, 14.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5", "sources": [ { "db": "NVD", "id": "CVE-2021-30741" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-390474" }, { "db": "VULMON", "id": "CVE-2021-30741" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-30741", "trust": 1.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1797", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021052505", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202105-1522", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2022-55060", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-390474", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-30741", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-390474" }, { "db": "VULMON", "id": "CVE-2021-30741" }, { "db": "NVD", "id": "CVE-2021-30741" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202105-1522" } ] }, "id": "VAR-202109-1354", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-390474" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:10:34.193000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apple iPadOS Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=151707" }, { "title": "Apple: iOS 14.6 and iPadOS 14.6", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aebc753d2fbbe6784a52339b16fd5417" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-30741" }, { "db": "CNNVD", "id": "CNNVD-202105-1522" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-390474" }, { "db": "NVD", "id": "CVE-2021-30741" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://support.apple.com/en-us/ht212528" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-35513" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30741" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021052505" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1797" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/416.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht212528" } ], "sources": [ { "db": "VULHUB", "id": "VHN-390474" }, { "db": "VULMON", "id": "CVE-2021-30741" }, { "db": "NVD", "id": "CVE-2021-30741" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202105-1522" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-390474" }, { "db": "VULMON", "id": "CVE-2021-30741" }, { "db": "NVD", "id": "CVE-2021-30741" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202105-1522" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-09-08T00:00:00", "db": "VULHUB", "id": "VHN-390474" }, { "date": "2021-09-08T00:00:00", "db": "VULMON", "id": "CVE-2021-30741" }, { "date": "2021-09-08T14:15:09.513000", "db": "NVD", "id": "CVE-2021-30741" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-05-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-1522" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-09T00:00:00", "db": "VULHUB", "id": "VHN-390474" }, { "date": "2021-09-14T00:00:00", "db": "VULMON", "id": "CVE-2021-30741" }, { "date": "2023-01-09T16:41:59.350000", "db": "NVD", "id": "CVE-2021-30741" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-09-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-1522" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-1522" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Pillow Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }