CVE-2021-1844 - OpenCVE

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Iphone Os Watchos Tvos Ipados Safari Macos
Fedoraproject	Fedora
Debian	Debian Linux

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:33:::::::*

References

Link	Resource
http://seclists.org/fulldisclosure/2021/Apr/55	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
https://support.apple.com/en-us/HT212220	Vendor Advisory
https://support.apple.com/en-us/HT212221	Vendor Advisory
https://support.apple.com/en-us/HT212222	Vendor Advisory
https://support.apple.com/en-us/HT212223	Vendor Advisory
https://support.apple.com/kb/HT212323	Vendor Advisory
https://www.debian.org/security/2021/dsa-4923	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2021-04-02T18:07:12

Updated: 2021-05-30T23:06:11

Reserved: 2020-12-08T00:00:00

Link: CVE-2021-1844

JSON object: View

NVD Information

Status : Modified

Published: 2021-04-02T19:15:20.477

Modified: 2023-11-07T03:28:52.127

Link: CVE-2021-1844

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "11.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "14.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "7.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "14.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution."}], "problemTypes": [{"descriptions": [{"description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-30T23:06:11", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212220"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212221"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212222"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212223"}, {"name": "FEDORA-2021-864dc37032", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT212323"}, {"name": "20210427 APPLE-SA-2021-04-26-6 tvOS 14.5", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Apr/55"}, {"name": "DSA-4923", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4923"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2021-1844", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "11.2"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "14.4"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "7.3"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "14.0"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Processing maliciously crafted web content may lead to arbitrary code execution"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT212220", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212220"}, {"name": "https://support.apple.com/en-us/HT212221", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212221"}, {"name": "https://support.apple.com/en-us/HT212222", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212222"}, {"name": "https://support.apple.com/en-us/HT212223", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212223"}, {"name": "FEDORA-2021-864dc37032", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"}, {"name": "https://support.apple.com/kb/HT212323", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212323"}, {"name": "20210427 APPLE-SA-2021-04-26-6 tvOS 14.5", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Apr/55"}, {"name": "DSA-4923", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4923"}]}}}}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2021-1844", "datePublished": "2021-04-02T18:07:12", "dateReserved": "2020-12-08T00:00:00", "dateUpdated": "2021-05-30T23:06:11", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "B785B3FD-A576-4AF5-8500-D1D08D0F4910", "versionEndExcluding": "14.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "86ABF921-40E8-4E64-A660-FD701FF3A28B", "versionEndExcluding": "14.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "178AE56C-9561-4750-9956-7CCC4E9F0590", "versionEndExcluding": "14.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "C186CD0A-4A01-481B-A2C4-0B1662BB79BB", "versionEndExcluding": "11.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5B77841-F161-47AB-8043-3E0346E3AA25", "versionEndExcluding": "14.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E57CE62-4568-4B9C-ADC1-E9E03FAF8998", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution."}, {"lang": "es", "value": "Se abord\u00f3 un problema de corrupci\u00f3n de memoria con una comprobaci\u00f3n mejorada. Este problema es corregido en iOS versi\u00f3n 14.4.1 y iPadOS versi\u00f3n 14.4.1, Safari versi\u00f3n 14.0.3 (versiones v.14610.4.3.1.7 y 15610.4.3.1.7), watchOS versi\u00f3n 7.3.2, macOS Big Sur versi\u00f3n 11.2.3. El procesamiento de contenido web dise\u00f1ado malicioso puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria."}], "id": "CVE-2021-1844", "lastModified": "2023-11-07T03:28:52.127", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-02T19:15:20.477", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Apr/55"}, {"source": "product-security@apple.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT212220"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT212221"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT212222"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT212223"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT212323"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4923"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}