CVE-2021-30789

{"id": "CVE-2021-30789", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2021-09-08T14:15:11.390", "references": [{"url": "https://support.apple.com/en-us/HT212600", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT212601", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT212602", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT212604", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT212605", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution."}, {"lang": "es", "value": "Se abord\u00f3 una lectura fuera de l\u00edmites con una comprobaci\u00f3n de entrada mejorada. Este problema se corrigi\u00f3 en iOS versi\u00f3n 14.7, macOS Big Sur versi\u00f3n 11.5, watchOS versi\u00f3n 7.6, tvOS versi\u00f3n 14.7, Security Update 2021-004 Catalina. El procesamiento de un archivo de fuentes maliciosamente dise\u00f1ado puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario"}], "lastModified": "2021-09-15T19:34:10.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3AF02B7-BF1F-483A-BA47-9B5B92AF1D29", "versionEndExcluding": "14.7"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "141A3268-DBD7-4F40-8BE4-CF8D9A0DF3E1", "versionEndIncluding": "10.15.6", "versionStartIncluding": "10.15"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F12CC8B5-C1EB-419E-8496-B9A3864656AD"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FD7176C-F4D1-43A7-9E49-BA92CA0D9980"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2703DE0B-8A9E-4A9D-9AE8-028E22BF47CA"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D425C653-37A2-448C-BF2F-B684ADB08A26"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A54D63B7-B92B-47C3-B1C5-9892E5873A98"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1C795B9-E58D-467C-83A8-2D45C792292F"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91CD5E8A-20E3-4193-BD1F-99FB1147081C", "versionEndExcluding": "11.5"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE66C45C-B3D7-444B-AE70-8EF7A380295E", "versionEndExcluding": "11.5", "versionStartIncluding": "11.0"}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC9C8462-9BFF-4CC8-AB3A-0AAA8B20A81F", "versionEndExcluding": "14.7"}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94EF9266-E8BC-4F20-B724-A3151A06192C", "versionEndExcluding": "7.6"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}