What is CVE-2021-30959?

CVE-2021-30959 is a buffer overflow vulnerability in CoreAudio that has been fixed with improved memory handling.

How does CVE-2021-30959 affect macOS Big Sur?

CVE-2021-30959 affects macOS Big Sur versions up to 11.6.2, but it has been addressed with the remedy version 11.6.2.

Is Apple Catalina affected by CVE-2021-30959?

Yes, Apple Catalina is affected by CVE-2021-30959.

How can I fix CVE-2021-30959?

To fix CVE-2021-30959, update macOS Big Sur to version 11.6.2 or later.

What is the Common Weakness Enumeration (CWE) ID for CVE-2021-30959?

The Common Weakness Enumeration (CWE) ID for CVE-2021-30959 is CWE-119.

Vulnerability/
CVE-2021-30959

medium

5.5

CWE

119 120

24/8/2021

3/8/2024

CVE-2021-30959: Buffer Overflow

First published: Tue Aug 24 2021(Updated: )

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.

Credit: JunDong Xie Ant Security LightJunDong Xie Ant Security LightJunDong Xie Ant Security Light cve@mitre.org JunDong Xie Ant Security LightJunDong Xie Ant Security LightJunDong Xie Ant Security Light

Affected Software	Affected Version	How to fix
Apple Catalina
Apple Mac OS X	>=10.15<=10.15.7
Apple Mac OS X	=10.15.7-security_update_2020-001
Apple Mac OS X	=10.15.7-security_update_2021-001
Apple Mac OS X	=10.15.7-security_update_2021-002
Apple Mac OS X	=10.15.7-security_update_2021-003
Apple Mac OS X	=10.15.7-security_update_2021-004
Apple Mac OS X	=10.15.7-security_update_2021-005
Apple Mac OS X	=10.15.7-security_update_2021-006
Apple Mac OS X	=10.15.7-security_update_2021-007
Apple macOS	>=11.0<11.6.2
Apple macOS	<11.6.2	11.6.2

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT212979 (Advisory)
https://support.apple.com/en-us/HT212981 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2021-30959?
CVE-2021-30959 is a buffer overflow vulnerability in CoreAudio that has been fixed with improved memory handling.
How does CVE-2021-30959 affect macOS Big Sur?
CVE-2021-30959 affects macOS Big Sur versions up to 11.6.2, but it has been addressed with the remedy version 11.6.2.
Is Apple Catalina affected by CVE-2021-30959?
Yes, Apple Catalina is affected by CVE-2021-30959.
How can I fix CVE-2021-30959?
To fix CVE-2021-30959, update macOS Big Sur to version 11.6.2 or later.
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-30959?
The Common Weakness Enumeration (CWE) ID for CVE-2021-30959 is CWE-119.

collector/apple-support
alias/CVE-2021-30961
alias/CVE-2021-30963
agent/type
agent/references
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/severity
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/apple
canonical/apple catalina
canonical/apple mac os x
version/apple mac os x/10.15
version/apple mac os x/10.15.7
version/apple mac os x/10.15.7-security_update_2020-001
version/apple mac os x/10.15.7-security_update_2021-001
version/apple mac os x/10.15.7-security_update_2021-002
version/apple mac os x/10.15.7-security_update_2021-003
version/apple mac os x/10.15.7-security_update_2021-004
version/apple mac os x/10.15.7-security_update_2021-005
version/apple mac os x/10.15.7-security_update_2021-006
version/apple mac os x/10.15.7-security_update_2021-007
canonical/apple macos
version/apple macos/11.0