CVE-2021-36976: Input Validation
First published: Tue Jul 20 2021(Updated: )
libarchive. Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.
Credit: CVE-2021-36976 CVE-2021-36976 cve@mitre.org CVE-2021-36976 cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Monterey | <12.3 | 12.3 |
| Apple watchOS | <8.5 | 8.5 |
| Libarchive Libarchive | >=3.4.1<=3.5.2 | |
| Fedoraproject Fedora | =35 | |
| Apple iPadOS | <15.4 | |
| Apple iPhone OS | <15.4 | |
| Apple macOS | <12.3 | |
| Apple watchOS | <8.5 | |
| Apple iOS | <15.4 | 15.4 |
| Apple iPadOS | <15.4 | 15.4 |
| Splunk Universal Forwarder | >=8.2.0<8.2.12 | |
| Splunk Universal Forwarder | >=9.0.0<9.0.6 | |
| Splunk Universal Forwarder | =9.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213183 (Advisory)
- https://support.apple.com/en-us/HT213193 (Advisory)
- http://seclists.org/fulldisclosure/2022/Mar/27
- http://seclists.org/fulldisclosure/2022/Mar/28
- http://seclists.org/fulldisclosure/2022/Mar/29
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SE5NJQNM22ZE5Z55LPAGCUHSBQZBKMKC/
- https://security.gentoo.org/glsa/202208-26
- https://support.apple.com/kb/HT213182
- https://support.apple.com/kb/HT213183
- https://support.apple.com/kb/HT213193
- https://support.apple.com/en-us/HT213182 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SE5NJQNM22ZE5Z55LPAGCUHSBQZBKMKC/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-22633
- CVE-2022-22669
- CVE-2022-22665
- CVE-2022-22630
- CVE-2022-22631
- CVE-2022-22625
- CVE-2022-22648
- CVE-2022-22626
- CVE-2022-22627
- CVE-2022-22597
- CVE-2022-22616
- CVE-2022-22663
- CVE-2022-26691
- CVE-2021-22946
- CVE-2021-22947
- CVE-2021-22945
- CVE-2022-22643
- CVE-2022-22657
- CVE-2022-22664
- CVE-2021-30977
- CVE-2022-22611
- CVE-2022-22612
- CVE-2022-46706
- CVE-2022-22661
- CVE-2022-22641
- CVE-2022-22613
- CVE-2022-22614
- CVE-2022-22615
- CVE-2022-22632
- CVE-2022-22638
- CVE-2022-22640
- CVE-2021-30946
- CVE-2021-36976
- CVE-2022-21658
- CVE-2022-22647
- CVE-2022-22656
- CVE-2022-22672
- CVE-2022-22644
- CVE-2022-26690
- CVE-2022-26688
- CVE-2022-22617
- CVE-2022-22609
- CVE-2022-22650
- CVE-2022-22655
- CVE-2022-22600
- CVE-2022-22599
- CVE-2022-22651
- CVE-2022-22639
- CVE-2022-22660
- CVE-2022-22621
- CVE-2021-4136
- CVE-2021-4166
- CVE-2021-4173
- CVE-2021-4187
- CVE-2021-4192
- CVE-2021-4193
- CVE-2021-46059
- CVE-2022-0128
- CVE-2022-0156
- CVE-2022-0158
- CVE-2021-30918
- CVE-2022-22662
- CVE-2022-22610
- CVE-2022-22624
- CVE-2022-22628
- CVE-2022-22629
- CVE-2022-22637
- CVE-2022-22668
- CVE-2022-22582
- CVE-2022-22666
- CVE-2022-22596
- CVE-2022-22670
- CVE-2022-22618
- CVE-2022-22654
- CVE-2022-22634
- CVE-2022-22635
- CVE-2022-22636
- CVE-2022-22652
- CVE-2022-22598
- CVE-2022-22642
- CVE-2022-22667
- CVE-2022-22653
- CVE-2022-22622
- CVE-2022-22659
- CVE-2022-22671
Frequently Asked Questions
What is CVE-2021-36976?
CVE-2021-36976 is a vulnerability in libarchive that involves multiple memory corruption issues.
What software is affected by CVE-2021-36976?
Software affected by CVE-2021-36976 includes macOS Monterey 12.3, watchOS up to 8.5, iOS up to 15.4, and iPadOS up to 15.4.
How can I fix CVE-2021-36976?
To fix CVE-2021-36976, update your software to the versions specified in the reference links provided.
Where can I find more information about CVE-2021-36976?
You can find more information about CVE-2021-36976 at the reference links provided.
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-36976?
The Common Weakness Enumeration (CWE) ID for CVE-2021-36976 is CWE-20.
- collector/apple-support
- agent/type
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/references
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/trending
- vendor/apple
- canonical/apple macos monterey
- canonical/apple watchos
- vendor/libarchive
- canonical/libarchive libarchive
- version/libarchive libarchive/3.4.1
- version/libarchive libarchive/3.5.2
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple macos
- canonical/apple ios
- vendor/splunk
- canonical/splunk universal forwarder
- version/splunk universal forwarder/8.2.0
- version/splunk universal forwarder/9.0.0
- version/splunk universal forwarder/9.1.0