CVE-2021-30952

Advisory lineage Upstream: 0 Downstream: 11
Analyzed
Published: 24 Aug 2021, 18:50
Last modified:06 Mar 2026, 05:01

Vulnerability Summary

Overall Risk (default)
medium
45/100
CVSS Score
8.8 HIGH
v3.1 (cve.org)
EPSS Score
1.28% LOW
1% probability +0.95%
KEV
Listed
CISA
1 listing
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected

Timeline

24 Aug 2021, 18:50
Published
Vulnerability first disclosed
05 Mar 2026, 00:00
Added to CISA KEV
Apple Multiple Products Integer Overflow or Wraparound Vulnerability
06 Mar 2026, 05:01
Last Modified
Vulnerability information updated
26 Mar 2026, 00:00
CISA Remediation Due
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS Metrics

  • v3.1HIGHScore: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • v3.1HIGHScore: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • v2.0MEDIUMScore: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 1.28% Percentile: 80%

Techniques & Countermeasures

  • CWE-190Integer Overflow or Wraparound

    The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Affected Systems

  • UnknowniOS and iPadOS

    ≥ unspecified, < 15.2

  • appleipados

    < 15.2

  • appleiphone_os

    < 15.2

  • UnknownmacOS

    ≥ unspecified, < 12.1 | ≥ unspecified, < 15.2 | ≥ 12.0, < 12.1

  • applesafari

    < 15.2

  • appletvos

    < 15.2

  • applewatchos

    ≥ unspecified, < 8.3 | < 8.3

  • debiandebian_linux

    10.0 | 11.0

  • fedoraprojectfedora

    34 | 35

  • UnknownWebKitGTK

    < 2.34.4

  • wpewebkitwpe_webkit

    < 2.34.4

References (12)