8.8

CVE-2021-1844

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleSafari Version < 14.0.3
AppleiPadOS Version < 14.4.1
AppleiPhone OS Version < 14.4.1
ApplemacOS Version < 11.2.3
AppletvOS Version < 14.5
ApplewatchOS Version < 7.3.2
DebianDebian Linux Version10.0
FedoraprojectFedora Version33
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.37% 0.816
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
https://support.apple.com/kb/HT212323
Vendor Advisory
https://www.debian.org/security/2021/dsa-4923
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Apr/55
Third Party Advisory
Mailing List
https://support.apple.com/en-us/HT212220
Vendor Advisory
https://support.apple.com/en-us/HT212221
Vendor Advisory
https://support.apple.com/en-us/HT212222
Vendor Advisory
https://support.apple.com/en-us/HT212223
Vendor Advisory