Details of VAR-202109-1303

ID

VAR-202109-1303

CVE

CVE-2021-30653

TITLE

plural Apple Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-013681

DESCRIPTION

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution. plural Apple There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. An input validation error vulnerability exists in macOS due to insufficient validation of user-supplied input within the ImageIO component. The following products and versions are affected: macOS: 11.0 20A2411, 11.0.1 20B29, 11.0.1 20B50, 11.1 20C69, 11.2 20D64, 11.2.1 20D74, 11.2.1 20D75, 11.2.2 20D80, 11.2.3 2

Trust: 2.25

sources: NVD: CVE-2021-30653 // JVNDB: JVNDB-2021-013681 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390386

AFFECTED PRODUCTS

vendor:	apple	model:	ipados	scope:	lt	version:	14.5	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	14.5	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	7.4	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	14.5	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.3	Trust: 1.0
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	watchos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-013681 // NVD: CVE-2021-30653

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-30653
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-30653
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-1948
value:	HIGH
Trust: 0.6
VULHUB:	VHN-390386
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-30653
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-390386
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-30653
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-30653
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-390386 // JVNDB: JVNDB-2021-013681 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1948 // NVD: CVE-2021-30653

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-013681 // NVD: CVE-2021-30653

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202104-1948

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	HT212324 Apple Security update	url:	https://support.apple.com/en-us/HT212317	Trust: 0.8
title:	Apple macOS Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148625	Trust: 0.6
title:	Apple: macOS Big Sur 11.3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c631c09ebe15d0799205eda727cdfeb3	Trust: 0.1

sources: VULMON: CVE-2021-30653 // JVNDB: JVNDB-2021-013681 // CNNVD: CNNVD-202104-1948

EXTERNAL IDS

db:	NVD	id:	CVE-2021-30653	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-013681	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1408.2	Trust: 0.6
db:	CS-HELP	id:	SB2021042704	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-1948	Trust: 0.6
db:	VULHUB	id:	VHN-390386	Trust: 0.1
db:	VULMON	id:	CVE-2021-30653	Trust: 0.1

sources: VULHUB: VHN-390386 // VULMON: CVE-2021-30653 // JVNDB: JVNDB-2021-013681 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1948 // NVD: CVE-2021-30653

REFERENCES

url:	https://support.apple.com/en-us/ht212317	Trust: 1.7
url:	https://support.apple.com/en-us/ht212323	Trust: 1.7
url:	https://support.apple.com/en-us/ht212324	Trust: 1.7
url:	https://support.apple.com/en-us/ht212325	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30653	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1408.2	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-35171	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042704	Trust: 0.6
url:	https://support.apple.com/kb/ht212325	Trust: 0.1

sources: VULHUB: VHN-390386 // VULMON: CVE-2021-30653 // JVNDB: JVNDB-2021-013681 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1948 // NVD: CVE-2021-30653

SOURCES

db:	VULHUB	id:	VHN-390386
db:	VULMON	id:	CVE-2021-30653
db:	JVNDB	id:	JVNDB-2021-013681
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202104-1948
db:	NVD	id:	CVE-2021-30653

LAST UPDATE DATE

2024-08-14T12:35:38.436000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-390386	date:	2022-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-013681	date:	2022-09-26T01:29:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-1948	date:	2021-09-18T00:00:00
db:	NVD	id:	CVE-2021-30653	date:	2022-06-28T14:11:45.273

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-390386	date:	2021-09-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-013681	date:	2022-09-26T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-1948	date:	2021-04-27T00:00:00
db:	NVD	id:	CVE-2021-30653	date:	2021-09-08T15:15:12.873