CVE-2021-30733

Опубликовано: 08 сент. 2021

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted font may result in the disclosure of process memory.

Ссылки

https://support.apple.com/en-us/HT212528
Vendor Advisory
https://support.apple.com/en-us/HT212529
Vendor Advisory
https://support.apple.com/en-us/HT212532
Vendor Advisory
https://support.apple.com/en-us/HT212533
Vendor Advisory
https://support.apple.com/en-us/HT212600
Vendor Advisory
https://support.apple.com/en-us/HT212603
Vendor Advisory
https://support.apple.com/en-us/HT212528
Vendor Advisory
https://support.apple.com/en-us/HT212529
Vendor Advisory
https://support.apple.com/en-us/HT212532
Vendor Advisory
https://support.apple.com/en-us/HT212533
Vendor Advisory
https://support.apple.com/en-us/HT212600
Vendor Advisory
https://support.apple.com/en-us/HT212603
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Версия до 14.6 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 14.6 (исключая)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Версия от 10.14.0 (включая) до 10.14.5 (включая)

cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-003:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-004:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.3:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.4:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.5:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.6:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.6:-:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.6:supplemental_update:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия от 11.0.1 (включая) до 11.4 (исключая)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Версия до 14.6 (исключая)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Версия до 7.5 (исключая)

EPSS

Процентиль: 56%

0.00334

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-jf77-8jp8-mmmm

CVSS3: 5.5

github

больше 3 лет назад

BDU:2021-05435

CVSS3: 6.5

fstec

больше 4 лет назад

Уязвимость прикладного программного интерфейса CoreText операционных систем iOS, macOS, iPadOS, iPhoneOS, watchOS и tvOS, позволяющая нарушителю получить доступ к защищаемой информации

EPSS

Процентиль: 56%

0.00334

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125