CVE-2021-30959

Published: Aug 24, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.

Affected (10)

Products: Apple: Mac Os X, Macos

Apple

2 products

Mac Os X

Macos

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	From 10.15 to 10.15.7
Apple Mac Os X	Version 10.15.7 security_update_2020-001
Apple Mac Os X	Version 10.15.7 security_update_2021-001
Apple Mac Os X	Version 10.15.7 security_update_2021-002
Apple Mac Os X	Version 10.15.7 security_update_2021-003
Apple Mac Os X	Version 10.15.7 security_update_2021-004
Apple Mac Os X	Version 10.15.7 security_update_2021-005
Apple Mac Os X	Version 10.15.7 security_update_2021-006
Apple Mac Os X	Version 10.15.7 security_update_2021-007
Apple Macos	From 11.0 to 11.6.2

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

https://support.apple.com/en-us/HT212979

Source: product-security@apple.com

https://support.apple.com/en-us/HT212981

Source: product-security@apple.com

https://support.apple.com/en-us/HT212979

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/en-us/HT212981

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.