Details of VAR-202108-1243

ID

VAR-202108-1243

CVE

CVE-2021-30928

TITLE

Out-of-bounds write vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2021-020971

DESCRIPTION

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6, watchOS 8, tvOS 15, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15. Processing a maliciously crafted image may lead to arbitrary code execution. iPadOS , iOS , macOS Multiple Apple products have an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreGraphics library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none

Trust: 2.43

sources: NVD: CVE-2021-30928 // JVNDB: JVNDB-2021-020971 // ZDI: ZDI-22-356 // VULHUB: VHN-390661 // VULMON: CVE-2021-30928

AFFECTED PRODUCTS

vendor:	apple	model:	icloud	scope:	eq	version:	13.0	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	14.8	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	15.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	8.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.6	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.0	Trust: 1.0
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	icloud	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	watchos	scope:	eq	version:	8.0	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	macos	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-22-356 // JVNDB: JVNDB-2021-020971 // NVD: CVE-2021-30928

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-30928
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-30928
value:	HIGH
Trust: 0.8
ZDI:	CVE-2021-30928
value:	LOW
Trust: 0.7
CNNVD:	CNNVD-202108-2024
value:	HIGH
Trust: 0.6
VULHUB:	VHN-390661
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-30928
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-390661
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-30928
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-30928
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2021-30928
baseSeverity:	LOW
baseScore:	3.3
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-22-356 // VULHUB: VHN-390661 // JVNDB: JVNDB-2021-020971 // CNNVD: CNNVD-202108-2024 // NVD: CVE-2021-30928

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-390661 // JVNDB: JVNDB-2021-020971 // NVD: CVE-2021-30928

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-2024

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202108-2024

PATCH

title:	HT212815 Apple Security update	url:	https://support.apple.com/en-us/HT212804	Trust: 0.8
title:	Apple has issued an update to correct this vulnerability.	url:	https://support.apple.com/HT212804	Trust: 0.7
title:	Apple Repair measures for buffer errors and vulnerabilities in many products	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186813	Trust: 0.6

sources: ZDI: ZDI-22-356 // JVNDB: JVNDB-2021-020971 // CNNVD: CNNVD-202108-2024

EXTERNAL IDS

db:	NVD	id:	CVE-2021-30928	Trust: 4.1
db:	ZDI	id:	ZDI-22-356	Trust: 1.3
db:	JVNDB	id:	JVNDB-2021-020971	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-14515	Trust: 0.7
db:	CNNVD	id:	CNNVD-202108-2024	Trust: 0.6
db:	VULHUB	id:	VHN-390661	Trust: 0.1
db:	VULMON	id:	CVE-2021-30928	Trust: 0.1

sources: ZDI: ZDI-22-356 // VULHUB: VHN-390661 // VULMON: CVE-2021-30928 // JVNDB: JVNDB-2021-020971 // CNNVD: CNNVD-202108-2024 // NVD: CVE-2021-30928

REFERENCES

url:	https://support.apple.com/kb/ht212953	Trust: 2.5
url:	https://support.apple.com/en-us/ht212804	Trust: 1.7
url:	https://support.apple.com/en-us/ht212807	Trust: 1.7
url:	https://support.apple.com/en-us/ht212814	Trust: 1.7
url:	https://support.apple.com/en-us/ht212815	Trust: 1.7
url:	https://support.apple.com/en-us/ht212819	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30928	Trust: 0.8
url:	https://support.apple.com/ht212804	Trust: 0.7
url:	https://www.zerodayinitiative.com/advisories/zdi-22-356/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: ZDI: ZDI-22-356 // VULHUB: VHN-390661 // VULMON: CVE-2021-30928 // JVNDB: JVNDB-2021-020971 // CNNVD: CNNVD-202108-2024 // NVD: CVE-2021-30928

CREDITS

Mickey Jin (@patch1t) of Trend Micro

Trust: 1.3

sources: ZDI: ZDI-22-356 // CNNVD: CNNVD-202108-2024

SOURCES

db:	ZDI	id:	ZDI-22-356
db:	VULHUB	id:	VHN-390661
db:	VULMON	id:	CVE-2021-30928
db:	JVNDB	id:	JVNDB-2021-020971
db:	CNNVD	id:	CNNVD-202108-2024
db:	NVD	id:	CVE-2021-30928

LAST UPDATE DATE

2024-08-14T14:11:15.819000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-22-356	date:	2022-02-16T00:00:00
db:	VULHUB	id:	VHN-390661	date:	2022-10-11T00:00:00
db:	VULMON	id:	CVE-2021-30928	date:	2021-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-020971	date:	2024-07-17T01:51:00
db:	CNNVD	id:	CNNVD-202108-2024	date:	2022-05-30T00:00:00
db:	NVD	id:	CVE-2021-30928	date:	2023-11-07T03:33:54.373

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-22-356	date:	2022-02-16T00:00:00
db:	VULHUB	id:	VHN-390661	date:	2021-08-24T00:00:00
db:	VULMON	id:	CVE-2021-30928	date:	2021-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-020971	date:	2024-07-17T00:00:00
db:	CNNVD	id:	CNNVD-202108-2024	date:	2021-08-24T00:00:00
db:	NVD	id:	CVE-2021-30928	date:	2021-08-24T19:15:20.170