CVE-2021-30858

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:33

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/', 'name': 'FEDORA-2021-c00e45b6c0', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/', 'name': 'FEDORA-2021-edf6957b7d', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/ -
References (DEBIAN) https://www.debian.org/security/2021/dsa-4975 - Third Party Advisory () https://www.debian.org/security/2021/dsa-4975 -
References (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/38 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2021/Sep/38 -
References (MLIST) http://www.openwall.com/lists/oss-security/2021/10/27/2 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2021/10/27/2 -
References (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/25 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2021/Sep/25 -
References (MLIST) http://www.openwall.com/lists/oss-security/2021/10/26/9 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2021/10/26/9 -
References (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/29 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2021/Sep/29 -
References (DEBIAN) https://www.debian.org/security/2021/dsa-4976 - Third Party Advisory () https://www.debian.org/security/2021/dsa-4976 -
References (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/27 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2021/Sep/27 -
References (CONFIRM) https://support.apple.com/kb/HT212824 - Third Party Advisory () https://support.apple.com/kb/HT212824 -
References (MLIST) http://www.openwall.com/lists/oss-security/2021/10/27/1 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2021/10/27/1 -
References (MISC) https://support.apple.com/en-us/HT212804 - Release Notes, Vendor Advisory () https://support.apple.com/en-us/HT212804 -
References (MLIST) http://www.openwall.com/lists/oss-security/2021/10/27/4 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2021/10/27/4 -
References (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/50 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2021/Sep/50 -
References (MISC) https://support.apple.com/en-us/HT212807 - Release Notes, Vendor Advisory () https://support.apple.com/en-us/HT212807 -
References (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/39 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2021/Sep/39 -
References (MLIST) http://www.openwall.com/lists/oss-security/2021/09/20/1 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2021/09/20/1 -

03 Dec 2021, 02:27

Type Values Removed Values Added
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/ - Mailing List, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/25 - (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/25 - Mailing List, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2021/10/27/1 - (MLIST) http://www.openwall.com/lists/oss-security/2021/10/27/1 - Mailing List, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/50 - (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/50 - Mailing List, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/27 - (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/27 - Mailing List, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2021/10/27/4 - (MLIST) http://www.openwall.com/lists/oss-security/2021/10/27/4 - Mailing List, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2021/10/26/9 - (MLIST) http://www.openwall.com/lists/oss-security/2021/10/26/9 - Mailing List, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/38 - (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/38 - Mailing List, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2021/10/27/2 - (MLIST) http://www.openwall.com/lists/oss-security/2021/10/27/2 - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2021/dsa-4975 - (DEBIAN) https://www.debian.org/security/2021/dsa-4975 - Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2021/09/20/1 - (MLIST) http://www.openwall.com/lists/oss-security/2021/09/20/1 - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/ - Mailing List, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/39 - (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/39 - Mailing List, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/29 - (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/29 - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2021/dsa-4976 - (DEBIAN) https://www.debian.org/security/2021/dsa-4976 - Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT212824 - (CONFIRM) https://support.apple.com/kb/HT212824 - Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

27 Oct 2021, 21:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2021/10/27/4 -

27 Oct 2021, 15:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2021/10/27/2 -

27 Oct 2021, 06:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2021/10/27/1 -

26 Oct 2021, 21:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2021/10/26/9 -

04 Oct 2021, 03:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/ -

24 Sep 2021, 16:15

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/50 -

23 Sep 2021, 19:15

Type Values Removed Values Added
References
  • (CONFIRM) https://support.apple.com/kb/HT212824 -

23 Sep 2021, 00:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2021/dsa-4975 -
  • (DEBIAN) https://www.debian.org/security/2021/dsa-4976 -

22 Sep 2021, 00:15

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/38 -
  • (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/39 -

21 Sep 2021, 17:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/ -

20 Sep 2021, 15:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2021/09/20/1 -

17 Sep 2021, 22:15

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/27 -
  • (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/25 -
  • (FULLDISC) http://seclists.org/fulldisclosure/2021/Sep/29 -

15 Sep 2021, 12:55

Type Values Removed Values Added
References (MISC) https://support.apple.com/en-us/HT212804 - (MISC) https://support.apple.com/en-us/HT212804 - Release Notes, Vendor Advisory
References (MISC) https://support.apple.com/en-us/HT212807 - (MISC) https://support.apple.com/en-us/HT212807 - Release Notes, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 8.8
CWE CWE-416
CPE cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

14 Sep 2021, 15:15

Type Values Removed Values Added
Summary ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none. A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
References
  • (MISC) https://support.apple.com/en-us/HT212804 -
  • (MISC) https://support.apple.com/en-us/HT212807 -

24 Aug 2021, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-08-24 19:15

Updated : 2023-12-10 13:55


NVD link : CVE-2021-30858

Mitre link : CVE-2021-30858

CVE.ORG link : CVE-2021-30858


JSON object : View

Products Affected

apple

  • iphone_os
  • ipados
  • macos

debian

  • debian_linux

fedoraproject

  • fedora
CWE
CWE-416

Use After Free