Details of VAR-202108-1274

ID

VAR-202108-1274

CVE

CVE-2021-30959

TITLE

apple's Apple Mac OS X and macOS Classic buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-021128

DESCRIPTION

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information. apple's Apple Mac OS X and macOS Exists in a classic buffer overflow vulnerability.Information may be obtained. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none. Information about the security content is also available at https://support.apple.com/HT212979. Archive Utility Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30950: @gorelics Bluetooth Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: A logic issue was addressed with improved validation. CVE-2021-30931: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America Bluetooth Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation. CVE-2021-30935: an anonymous researcher ColorSync Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. CVE-2021-30959: JunDong Xie of Ant Security Light-Year Lab CVE-2021-30961: an anonymous researcher CVE-2021-30963: JunDong Xie of Ant Security Light-Year Lab CoreAudio Available for: macOS Big Sur Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab Crash Reporter Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Graphics Drivers Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30977: Jack Dates of RET2 Systems, Inc. Help Viewer Available for: macOS Big Sur Impact: Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk Description: A path handling issue was addressed with improved validation. CVE-2021-30969: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30981: Liu Long of Ant Security Light-Year Lab, an anonymous researcher IOUSBHostFamily Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or heap corruption Description: A race condition was addressed with improved locking. CVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero LaunchServices Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved validation. CVE-2021-30990: Ron Masas of BreakPoint.sh LaunchServices Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30976: chenyuwang (@mzzzz__) and Kirin (@Pwnrin) of Tencent Security Xuanwu Lab Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30973: Ye Zhang (@co0py_Cat) of Baidu Security Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30971: Ye Zhang (@co0py_Cat) of Baidu Security Preferences Available for: macOS Big Sur Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t) Sandbox Available for: macOS Big Sur Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security Sandbox Available for: macOS Big Sur Impact: An application may be able to access a user's files Description: An access issue was addressed with additional sandbox restrictions. CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security Sandbox Available for: macOS Big Sur Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved restrictions. CVE-2021-30946: @gorelics Script Editor Available for: macOS Big Sur Impact: A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions Description: This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. CVE-2021-30975: Ryan Pickren (ryanpickren.com) TCC Available for: macOS Big Sur Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics TCC Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2021-30970: Jonathan Bar Or of Microsoft TCC Available for: macOS Big Sur Impact: A malicious application may be able to cause a denial of service to Endpoint Security clients Description: A logic issue was addressed with improved state management. CVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security Wi-Fi Available for: macOS Big Sur Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: This issue was addressed with improved checks. CVE-2021-30938: Xinru Chi of Pangu Lab Additional recognition Admin Framework We would like to acknowledge Simon Andersen of Aarhus University and Pico Mitchell for their assistance. ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance. Contacts We would like to acknowledge Minchan Park (03stin) for their assistance. Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance. Model I/O We would like to acknowledge Rui Yang and Xingwei Lin of Ant Security Light-Year Lab for their assistance. Installation note: This update may be obtained from the Mac App Store Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UncACgkQeC9qKD1p rhi3ZA/+JN0mQCWghikUr8/kK9kNAz6FtHO3M5yvyXXQkArAQBmaTk5aaSpsEDi1 KrE+khCjp7N1eGTHrJ2L6q35X+2UEZZUGC/Uic7Dt/CKoQvkTyfGKCHMIhTxF6O8 JGRIz1+wKCXq8lADs29Q1rRg0TkfaIcbCiKI0YMNWgGWBVuXy5LBq/6EvZ2f8Vhe kvDB46D27C9xHgbCq+ihmVdE6iwAVfVYYOh22uP2lGkT6a1jKI6iifkPl/tuiiVy ZWRLWUJwa3HOdAzy511MSjdnj9RBsI4TYJa4QW+Urn8N4sf9wlrU+5Ng+Yfob4U7 n1G2g2V3o3CQpInl+L7CQN44oFYy9UMmuQGtWd3AqcUbTASuoYcV7P6Hz9X5Akwo buASJcsVBbsCCcFGu8OCygvM3ro44D7uG0vPy65BBTVxgiEyUtSuEE8Gti930zC0 FbBgIQk0W2rvBZiEh+stl/87XrIso18oW7k2D5gmkud6TWqK83JxS8Dmd8Rs1uGW Jc2f7enQyN3OQ2MqcU2aYPdV9+QoEq4Hn29xlct99Vq8lcSwp+rtrP7ZgF3MqVRB Dku4o5Xeh3JngTn1si+lk7X1xVX8DHPnV/k0ZUuCB6TJOLUkdye8ezoLpmkf6Nq/ Q5LC4KIwz9JVMON1ZArO58EMBJXKrA8doxHAxZBOBJxBJQqEltQ\x8afg -----END PGP SIGNATURE-----

Trust: 1.98

sources: NVD: CVE-2021-30959 // JVNDB: JVNDB-2021-021128 // VULHUB: VHN-390692 // VULMON: CVE-2021-30959 // PACKETSTORM: 165356 // PACKETSTORM: 165357

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	gte	version:	10.15	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.6.2	Trust: 1.0
vendor:	アップル	model:	macos	scope:	eq	version:	11.0 that's all 11.6.2	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-021128 // NVD: CVE-2021-30959

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-30959
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-30959
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202108-2060
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-390692
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-30959
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-390692
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-30959
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-30959
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-390692 // JVNDB: JVNDB-2021-021128 // CNNVD: CNNVD-202108-2060 // NVD: CVE-2021-30959

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.1
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-390692 // JVNDB: JVNDB-2021-021128 // NVD: CVE-2021-30959

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-2060

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202108-2060

PATCH

title:	HT212979 Apple Security update	url:	https://support.apple.com/en-us/HT212979	Trust: 0.8
title:	Apple macOS Big Sur Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=174550	Trust: 0.6

sources: JVNDB: JVNDB-2021-021128 // CNNVD: CNNVD-202108-2060

EXTERNAL IDS

db:	NVD	id:	CVE-2021-30959	Trust: 3.6
db:	PACKETSTORM	id:	165356	Trust: 0.8
db:	PACKETSTORM	id:	165357	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-021128	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.4265	Trust: 0.6
db:	CS-HELP	id:	SB2021121431	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-2060	Trust: 0.6
db:	VULHUB	id:	VHN-390692	Trust: 0.1
db:	VULMON	id:	CVE-2021-30959	Trust: 0.1

sources: VULHUB: VHN-390692 // VULMON: CVE-2021-30959 // JVNDB: JVNDB-2021-021128 // PACKETSTORM: 165356 // PACKETSTORM: 165357 // CNNVD: CNNVD-202108-2060 // NVD: CVE-2021-30959

REFERENCES

url:	https://support.apple.com/en-us/ht212979	Trust: 2.3
url:	https://support.apple.com/en-us/ht212981	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30959	Trust: 1.0
url:	https://www.cybersecurity-help.cz/vdb/sb2021121431	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4265	Trust: 0.6
url:	https://packetstormsecurity.com/files/165357/apple-security-advisory-2021-12-15-4.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37064	Trust: 0.6
url:	https://packetstormsecurity.com/files/165356/apple-security-advisory-2021-12-15-3.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30961	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30958	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30969	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30938	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30935	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30927	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30945	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30939	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30950	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30941	Trust: 0.2
url:	https://www.apple.com/support/security/pgp/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30963	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30965	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30973	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30931	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30971	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30937	Trust: 0.2
url:	https://support.apple.com/kb/ht201222	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30968	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30940	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30949	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30767	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30929	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30942	Trust: 0.2
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/ht212979.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30970	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30946	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30947	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30977	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30976	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30975	Trust: 0.1
url:	https://support.apple.com/ht212981.	Trust: 0.1

CREDITS

Apple

Trust: 0.2

sources: PACKETSTORM: 165356 // PACKETSTORM: 165357

SOURCES

db:	VULHUB	id:	VHN-390692
db:	VULMON	id:	CVE-2021-30959
db:	JVNDB	id:	JVNDB-2021-021128
db:	PACKETSTORM	id:	165356
db:	PACKETSTORM	id:	165357
db:	CNNVD	id:	CNNVD-202108-2060
db:	NVD	id:	CVE-2021-30959

LAST UPDATE DATE

2024-08-14T12:16:41.967000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-390692	date:	2022-01-03T00:00:00
db:	VULMON	id:	CVE-2021-30959	date:	2021-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-021128	date:	2024-07-18T01:42:00
db:	CNNVD	id:	CNNVD-202108-2060	date:	2022-12-09T00:00:00
db:	NVD	id:	CVE-2021-30959	date:	2023-11-07T03:34:03.703

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-390692	date:	2021-08-24T00:00:00
db:	VULMON	id:	CVE-2021-30959	date:	2021-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-021128	date:	2024-07-18T00:00:00
db:	PACKETSTORM	id:	165356	date:	2021-12-17T19:19:33
db:	PACKETSTORM	id:	165357	date:	2021-12-17T19:19:44
db:	CNNVD	id:	CNNVD-202108-2060	date:	2021-08-24T00:00:00
db:	NVD	id:	CVE-2021-30959	date:	2021-08-24T19:15:22.147