CVE-2021-30952

HIGH KEV

tvOS <15.2 - RCE

Title source: llm

Description

An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

References (12)

[Various Sources] https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30952

[Vendor Advisory] https://support.apple.com/en-us/HT212975

[Vendor Advisory] https://support.apple.com/en-us/HT212976

[Vendor Advisory] https://support.apple.com/en-us/HT212978

[Vendor Advisory] https://support.apple.com/en-us/HT212980

[Vendor Advisory] https://support.apple.com/en-us/HT212982

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5060

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5061

[Mailing List] http://www.openwall.com/lists/oss-security/2022/01/21/2

Scores

CVSS v3 7.8

EPSS 0.0080

EPSS Percentile 74.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2026-03-05

VulnCheck KEV 2026-03-03

ENISA EUVD EUVD-2021-17869

CWE

CWE-190

Status published

Products (12)

apple/ipados < 15.2

apple/iphone_os < 15.2

apple/macos 12.0 - 12.1

apple/safari < 15.2

apple/tvos < 15.2

apple/watchos < 8.3

debian/debian_linux 10.0

debian/debian_linux 11.0

fedoraproject/fedora 34

fedoraproject/fedora 35

... and 2 more

Published Aug 24, 2021

KEV Added Mar 05, 2026

Tracked Since Feb 18, 2026