CVE-2021-30962 - Vulnerability Details - OpenCVE

A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Macos Tvos

Configuration 1 [-]

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::

No data.

References

Link	Providers
https://support.apple.com/en-us/HT212979
https://support.apple.com/en-us/HT212980

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2021-08-24T18:51:02

Updated: 2024-08-03T22:48:14.221Z

Reserved: 2021-04-13T00:00:00

Link: CVE-2021-30962

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-08-24T19:15:22.303

Modified: 2024-11-21T06:05:03.353

Link: CVE-2021-30962

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "tvOS", "vendor": "Apple", "versions": [{"lessThan": "15.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information."}], "problemTypes": [{"descriptions": [{"description": "Parsing a maliciously crafted audio file may lead to disclosure of user information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-05-26T16:54:40", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212979"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212980"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2021-30962", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "11.6"}]}}, {"product_name": "tvOS", "version": {"version_data": [{"version_affected": "<", "version_value": "15.2"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Parsing a maliciously crafted audio file may lead to disclosure of user information"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT212979", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212979"}, {"name": "https://support.apple.com/en-us/HT212980", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212980"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T22:48:14.221Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT212979"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT212980"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2021-30962", "datePublished": "2021-08-24T18:51:02", "dateReserved": "2021-04-13T00:00:00", "dateUpdated": "2024-08-03T22:48:14.221Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E638958B-D100-430D-9F08-54AD1DC4C980", "versionEndExcluding": "11.6.2", "versionStartIncluding": "11.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "16CAE2FB-FADC-4BF4-9115-D20D365051BF", "versionEndExcluding": "15.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information."}, {"lang": "es", "value": "Se ha solucionado un problema de inicializaci\u00f3n de la memoria con un manejo mejorado de la misma. Este problema se ha solucionado en tvOS 15.2, macOS Big Sur 11.6.2. El an\u00e1lisis de un archivo de audio malicioso puede conducir a la divulgaci\u00f3n de informaci\u00f3n del usuario"}], "id": "CVE-2021-30962", "lastModified": "2024-11-21T06:05:03.353", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-24T19:15:22.303", "references": [{"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/HT212979"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/HT212980"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/en-us/HT212979"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/en-us/HT212980"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "nvd@nist.gov", "type": "Primary"}]}