Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2021-30737

Published: 08/09/2021 Updated: 09/01/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Apple

Vulnerability Summary

A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted certificate may lead to arbitrary code execution.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple mac os x 10.14.6

apple mac os x 10.15.7

apple mac os x 10.15.6

apple watchos

apple tvos

apple iphone os

apple ipados

apple mac os x

apple macos

Mailing Lists

Full Disclosure: APPLE-SA-2021-05-25-7 tvOS 14.6
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2021-05-25-7 tvOS 146 <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Apple Product Security vi ...

Github Repositories

https://github.com/Siguza/ios-resources

Useful resources for iOS hacking

iOS Hacking Resources Basics Official references: ARMv8 Instruction Set Overview (short, kinda outdated at this point) ARMv8 Architecture Reference Manual (long) ARM A-Profile Exploration tools (same as above, but in machine readable form) ARM System Architecture Software Standards (ABIs, extensions, etc) Clang Pointer Authentication ABI My own doing: arm64 assembly crash c

https://github.com/Swordfish-Security/awesome-ios-security

iOS Security Awesome В данном репозитории собранны материалы по безопасности iOS-приложений, различные статьи, исследования, инструменты анализа и полезные библиотеки/инструменты для обеспечения безопасности прилож

https://github.com/annapustovaya/Mobix

Android Security Awesome В данном репозитории собранны материалы по безопасности Android-приложений, различные статьи, исследования, инструменты анализа и полезные библиотеки/инструменты для обеспечения безопасности п

References

CWE-787https://support.apple.com/en-us/HT212530https://support.apple.com/en-us/HT212531https://support.apple.com/en-us/HT212529https://support.apple.com/en-us/HT212528https://support.apple.com/en-us/HT212548https://support.apple.com/en-us/HT212532https://support.apple.com/en-us/HT212533https://nvd.nist.govhttps://github.com/Siguza/ios-resourceshttp://seclists.org/fulldisclosure/2021/May/69
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook