CVE-2021-30858

Sažetak

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Reference

http://seclists.org/fulldisclosure/2021/Sep/25
http://seclists.org/fulldisclosure/2021/Sep/27
http://seclists.org/fulldisclosure/2021/Sep/29
http://seclists.org/fulldisclosure/2021/Sep/38
http://seclists.org/fulldisclosure/2021/Sep/39
http://seclists.org/fulldisclosure/2021/Sep/50
http://www.openwall.com/lists/oss-security/2021/09/20/1
http://www.openwall.com/lists/oss-security/2021/10/26/9
http://www.openwall.com/lists/oss-security/2021/10/27/1
http://www.openwall.com/lists/oss-security/2021/10/27/2
http://www.openwall.com/lists/oss-security/2021/10/27/4
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/
https://support.apple.com/en-us/HT212804
https://support.apple.com/en-us/HT212807
https://support.apple.com/kb/HT212824
https://www.debian.org/security/2021/dsa-4975
https://www.debian.org/security/2021/dsa-4976
http://seclists.org/fulldisclosure/2021/Sep/25
http://seclists.org/fulldisclosure/2021/Sep/27
http://seclists.org/fulldisclosure/2021/Sep/29
http://seclists.org/fulldisclosure/2021/Sep/38
http://seclists.org/fulldisclosure/2021/Sep/39
http://seclists.org/fulldisclosure/2021/Sep/50
http://www.openwall.com/lists/oss-security/2021/09/20/1
http://www.openwall.com/lists/oss-security/2021/10/26/9
http://www.openwall.com/lists/oss-security/2021/10/27/1
http://www.openwall.com/lists/oss-security/2021/10/27/2
http://www.openwall.com/lists/oss-security/2021/10/27/4
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/
https://support.apple.com/en-us/HT212804
https://support.apple.com/en-us/HT212807
https://support.apple.com/kb/HT212824
https://www.debian.org/security/2021/dsa-4975
https://www.debian.org/security/2021/dsa-4976

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-01-2025 - 18:15

Objavljeno

24-08-2021 - 19:15