CVE-2021-30934: Buffer Overflow
First published: Tue Aug 24 2021(Updated: )
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Credit: Dani Biro Dani Biro Dani Biro Dani Biro Dani Biro cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/webkit2gtk | 2.36.4-1~deb10u1 2.38.6-0+deb10u1 2.40.5-1~deb11u1 2.42.1-1~deb11u2 2.40.5-1~deb12u1 2.42.1-1~deb12u1 2.42.1-2 | |
| debian/wpewebkit | 2.38.6-1~deb11u1 2.38.6-1 2.42.1-1 | |
| Apple Safari | <15.2 | |
| Apple iPadOS | <15.2 | |
| Apple iPhone OS | <15.2 | |
| Apple macOS | >=12.0<12.1 | |
| Apple tvOS | <15.2 | |
| Apple watchOS | <8.3 | |
| Fedoraproject Fedora | =34 | |
| Fedoraproject Fedora | =35 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Apple Safari | <15.2 | 15.2 |
| Apple watchOS | <8.3 | 8.3 |
| Apple tvOS | <15.2 | 15.2 |
| Apple iOS | <15.2 | 15.2 |
| Apple iPadOS | <15.2 | 15.2 |
| Apple macOS Monterey | <12.1 | 12.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://webkitgtk.org/security/WSA-2022-0001.html
- https://security-tracker.debian.org/tracker/CVE-2021-30934
- https://support.apple.com/en-us/HT212982 (Advisory)
- https://support.apple.com/en-us/HT212978 (Advisory)
- https://support.apple.com/en-us/HT212975 (Advisory)
- https://support.apple.com/en-us/HT212980 (Advisory)
- http://www.openwall.com/lists/oss-security/2022/01/21/2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/
- https://support.apple.com/en-us/HT212976 (Advisory)
- https://www.debian.org/security/2022/dsa-5060
- https://www.debian.org/security/2022/dsa-5061
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-30934
- CVE-2021-30936
- CVE-2021-30951
- CVE-2021-30952
- CVE-2021-30984
- CVE-2021-30953
- CVE-2021-30954
- CVE-2021-30987
- CVE-2021-30950
- CVE-2021-30960
- CVE-2021-30986
- CVE-2021-30966
- CVE-2021-30926
- CVE-2021-30942
- CVE-2021-30957
- CVE-2021-30958
- CVE-2021-30935
- CVE-2021-30945
- CVE-2021-31007
- CVE-2021-31013
- CVE-2021-31000
- CVE-2021-30977
- CVE-2021-30939
- CVE-2021-30981
- CVE-2021-30996
- CVE-2021-30982
- CVE-2021-30937
- CVE-2021-30927
- CVE-2021-30980
- CVE-2021-30949
- CVE-2021-30993
- CVE-2021-30955
- CVE-2021-30976
- CVE-2021-30990
- CVE-2021-30943
- CVE-2021-31009
- CVE-2021-30971
- CVE-2021-30973
- CVE-2021-30929
- CVE-2021-30979
- CVE-2021-30940
- CVE-2021-30941
- CVE-2021-30995
- CVE-2021-30968
- CVE-2021-30946
- CVE-2021-30947
- CVE-2021-30975
- CVE-2021-30944
- CVE-2021-30972
- CVE-2021-30767
- CVE-2021-30964
- CVE-2021-30970
- CVE-2021-30965
- CVE-2021-30938
- CVE-2021-30916
- CVE-2021-30962
- CVE-2021-30956
- CVE-2021-30992
- CVE-2021-30983
- CVE-2021-30985
- CVE-2021-30991
- CVE-2021-30998
- CVE-2021-30997
- CVE-2021-30967
- CVE-2021-30988
- CVE-2021-30932
- CVE-2021-30948
Frequently Asked Questions
What is CVE-2021-30934?
CVE-2021-30934 is a buffer overflow vulnerability in WebKit that has been addressed with improved memory handling.
Which software is affected by CVE-2021-30934?
CVE-2021-30934 affects Apple macOS Monterey version up to 12.1, Apple iOS version up to 15.2, Apple iPadOS version up to 15.2, Apple Safari version up to 15.2, Apple watchOS version up to 8.3, and Apple tvOS version up to 15.2.
How can I fix the CVE-2021-30934 vulnerability?
To fix the CVE-2021-30934 vulnerability, make sure to update affected software to the specified remediation versions.
Where can I find more information about CVE-2021-30934?
You can find more information about CVE-2021-30934 on the Apple support page.
What is the Common Weakness Enumeration (CWE) ID associated with CVE-2021-30934?
The Common Weakness Enumeration (CWE) ID associated with CVE-2021-30934 is CWE-119.
- collector/security-tracker-debian
- collector/apple-support
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/references
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/weakness
- agent/severity
- agent/tags
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/apple
- canonical/apple safari
- canonical/apple macos monterey
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple macos
- version/apple macos/12.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34
- version/fedoraproject fedora/35
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- canonical/apple ios