CVE-2021-30984

A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS v3.0 7.5 HIGH
CVSS v2.0 5.1 MEDIUM

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://support.apple.com/en-us/HT212975	Vendor Advisory
https://support.apple.com/en-us/HT212978	Vendor Advisory
https://support.apple.com/en-us/HT212976	Vendor Advisory
https://support.apple.com/en-us/HT212982	Vendor Advisory
https://support.apple.com/en-us/HT212980	Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/01/21/2	Issue Tracking Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/	Issue Tracking Mailing List Third Party Advisory
https://www.debian.org/security/2022/dsa-5061	Issue Tracking Third Party Advisory
https://www.debian.org/security/2022/dsa-5060	Issue Tracking Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Information

Published : 2021-08-24 12:15

Updated : 2022-02-18 20:34

NVD link : CVE-2021-30984

Mitre link : CVE-2021-30984

JSON object : View

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Products Affected

apple

tvos
macos
safari
watchos
iphone_os
ipados

fedoraproject

fedora

debian

debian_linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://support.apple.com/en-us/HT212975", "name": "https://support.apple.com/en-us/HT212975", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT212978", "name": "https://support.apple.com/en-us/HT212978", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT212976", "name": "https://support.apple.com/en-us/HT212976", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT212982", "name": "https://support.apple.com/en-us/HT212982", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT212980", "name": "https://support.apple.com/en-us/HT212980", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2022/01/21/2", "name": "[oss-security] 20220121 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/", "name": "FEDORA-2022-25a98f5d55", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "refsource": "FEDORA"}, {"url": "https://www.debian.org/security/2022/dsa-5061", "name": "DSA-5061", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "https://www.debian.org/security/2022/dsa-5060", "name": "DSA-5060", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/", "name": "FEDORA-2022-f7366e60cb", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FEDORA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-362"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-30984", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}}, "publishedDate": "2021-08-24T19:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.2"}, {"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.2"}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.2"}, {"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "12.1"}, {"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.2"}, {"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.3"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-02-19T04:34Z"}

7.5 /10