ID

VAR-202109-1383


CVE

CVE-2021-30716


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to perform denial of service. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. An input validation error vulnerability exists in the smbx component of Apple macOS due to insufficient validation of user-supplied input in smbx. The following products and versions are affected: macOS 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57, 10.15.3 19D76, 10.15.4 19E266, 10.15.4, 1509F9.5 1509F96 19F101, 10.15.6 19G73, 10.15.6 19G2021, 10.15.7 19H2, 10.15.7 19H4, 10.15.7 19H15, 10.15.7

Trust: 1.62

sources: NVD: CVE-2021-30716 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390449 // VULMON: CVE-2021-30716

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lte, version: 10.15.6

Trust: 1.0

vendor: apple, model: mac os x, scope: gte, version: 10.14

Trust: 1.0

vendor: apple, model: mac os x, scope: gte, version: 10.15

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.15.7

Trust: 1.0

vendor: apple, model: macos, scope: gte, version: 11.0

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 11.4

Trust: 1.0

vendor: apple, model: mac os x, scope: lte, version: 10.14.5

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.14.6

Trust: 1.0

sources: NVD: CVE-2021-30716

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30716
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-1535
value: MEDIUM

Trust: 0.6

VULHUB: VHN-390449
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-30716
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30716
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-390449
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30716
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-390449 // VULMON: CVE-2021-30716 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1535 // NVD: CVE-2021-30716

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2021-30716

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1535

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Apple macOS Enter the fix for the verification error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151720

Trust: 0.6

sources: CNNVD: CNNVD-202105-1535

EXTERNAL IDS

db: NVD, id: CVE-2021-30716

Trust: 1.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.1794

Trust: 0.6

db: CS-HELP, id: SB2021052502

Trust: 0.6

db: TALOS, id: TALOS-2021-1263

Trust: 0.6

db: CNNVD, id: CNNVD-202105-1535

Trust: 0.6

db: VULHUB, id: VHN-390449

Trust: 0.1

db: VULMON, id: CVE-2021-30716

Trust: 0.1

sources: VULHUB: VHN-390449 // VULMON: CVE-2021-30716 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1535 // NVD: CVE-2021-30716

REFERENCES

url: https://support.apple.com/en-us/ht212529

Trust: 1.8

url: https://support.apple.com/en-us/ht212530

Trust: 1.8

url: https://support.apple.com/en-us/ht212531

Trust: 1.8

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.1794

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021052502

Trust: 0.6

url: https://talosintelligence.com/vulnerability_reports/talos-2021-1263

Trust: 0.6

url: https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-35514

Trust: 0.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-30716

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: http://seclists.org/fulldisclosure/2021/may/65

Trust: 0.1

sources: VULHUB: VHN-390449 // VULMON: CVE-2021-30716 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1535 // NVD: CVE-2021-30716

CREDITS

Discovered by Aleksandar Nikolic of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-202105-1535

SOURCES

db: VULHUB, id: VHN-390449
db: VULMON, id: CVE-2021-30716
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202105-1535
db: NVD, id: CVE-2021-30716

LAST UPDATE DATE

2024-08-14T13:10:26.443000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-390449, date: 2021-09-16T00:00:00
db: VULMON, id: CVE-2021-30716, date: 2021-09-16T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202105-1535, date: 2021-09-18T00:00:00
db: NVD, id: CVE-2021-30716, date: 2021-09-16T15:30:33.990

SOURCES RELEASE DATE

db: VULHUB, id: VHN-390449, date: 2021-09-08T00:00:00
db: VULMON, id: CVE-2021-30716, date: 2021-09-08T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202105-1535, date: 2021-05-25T00:00:00
db: NVD, id: CVE-2021-30716, date: 2021-09-08T15:15:16.043