CVE-2021-30836

Advisory lineage Upstream: 0 Downstream: 11
Modified
Published: 28 Oct 2021, 18:17
Last modified:03 Aug 2024, 22:48

Vulnerability Summary

Overall Risk (default)
low
22/100
CVSS Score
5.5 MEDIUM
v3.1 (nvd)
EPSS Score
0.12% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

28 Oct 2021, 18:17
Published
Vulnerability first disclosed
03 Aug 2024, 22:48
Last Modified
Vulnerability information updated

Description

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may disclose restricted memory.

CVSS Metrics

  • v3.1MEDIUMScore: 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  • v2.0MEDIUMScore: 4.3AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.12% Percentile: 31%

Techniques & Countermeasures

  • CWE-125Out-of-bounds Read

    The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

  • UnknowniOS and iPadOS

    ≥ unspecified, < 14.8 | ≥ unspecified, < 15

  • appleipados

    < 14.8

  • appleiphone_os

    < 14.8

  • UnknownmacOS

    < 12.0.1

  • applesafari

    < 15.0.0

  • appletvos

    < 15.0 | ≥ unspecified, < 15

  • applewatchos

    < 8.0 | ≥ unspecified, < 8

References (7)