ID

VAR-202109-1384


CVE

CVE-2021-30717


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to execute arbitrary code. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. A buffer error vulnerability exists in the smbx component of Apple macOS, which stems from a boundary error in smbx. The following products and versions are affected: macOS 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57, 10.15.3 19D76, 10.15.4 19E266, 10.15.4, 1509F9.5 1509F96 19F101, 10.15.6 19G73, 10.15.6 19G2021, 10.15.7 19H2, 10.15.7 19H4, 10.15.7 19H15, 10.15.7 19H11

Trust: 1.62

sources: NVD: CVE-2021-30717 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390450 // VULMON: CVE-2021-30717

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lte, version: 10.15.6

Trust: 1.0

vendor: apple, model: mac os x, scope: gte, version: 10.14

Trust: 1.0

vendor: apple, model: mac os x, scope: gte, version: 10.15

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.15.7

Trust: 1.0

vendor: apple, model: macos, scope: gte, version: 11.0

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 11.4

Trust: 1.0

vendor: apple, model: mac os x, scope: lte, version: 10.14.5

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.14.6

Trust: 1.0

sources: NVD: CVE-2021-30717

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30717
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-1534
value: HIGH

Trust: 0.6

VULHUB: VHN-390450
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-30717
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30717
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-390450
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30717
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-390450 // VULMON: CVE-2021-30717 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1534 // NVD: CVE-2021-30717

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

sources: VULHUB: VHN-390450 // NVD: CVE-2021-30717

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1534

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Apple macOS Enter the fix for the verification error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152686

Trust: 0.6

sources: CNNVD: CNNVD-202105-1534

EXTERNAL IDS

db: NVD, id: CVE-2021-30717

Trust: 1.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.1794

Trust: 0.6

db: CS-HELP, id: SB2021052502

Trust: 0.6

db: TALOS, id: TALOS-2021-1260

Trust: 0.6

db: CNNVD, id: CNNVD-202105-1534

Trust: 0.6

db: VULHUB, id: VHN-390450

Trust: 0.1

db: VULMON, id: CVE-2021-30717

Trust: 0.1

sources: VULHUB: VHN-390450 // VULMON: CVE-2021-30717 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1534 // NVD: CVE-2021-30717

REFERENCES

url:https://support.apple.com/en-us/ht212529

Trust: 1.8

url:https://support.apple.com/en-us/ht212530

Trust: 1.8

url:https://support.apple.com/en-us/ht212531

Trust: 1.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1794

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052502

Trust: 0.6

url:https://talosintelligence.com/vulnerability_reports/talos-2021-1260

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-35514

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-30717

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://seclists.org/fulldisclosure/2021/may/65

Trust: 0.1

sources: VULHUB: VHN-390450 // VULMON: CVE-2021-30717 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1534 // NVD: CVE-2021-30717

CREDITS

Discovered by Aleksandar Nikolic of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-202105-1534

SOURCES

db: VULHUB, id: VHN-390450
db: VULMON, id: CVE-2021-30717
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202105-1534
db: NVD, id: CVE-2021-30717

LAST UPDATE DATE

2024-08-14T13:08:19.290000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-390450, date: 2021-09-16T00:00:00
db: VULMON, id: CVE-2021-30717, date: 2021-09-16T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202105-1534, date: 2021-09-18T00:00:00
db: NVD, id: CVE-2021-30717, date: 2021-09-16T15:30:37.257

SOURCES RELEASE DATE

db: VULHUB, id: VHN-390450, date: 2021-09-08T00:00:00
db: VULMON, id: CVE-2021-30717, date: 2021-09-08T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202105-1534, date: 2021-05-25T00:00:00
db: NVD, id: CVE-2021-30717, date: 2021-09-08T15:15:16.090