VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-kgv2-t3zj-aaak

Essentials
Severities (119)
References (37)
Severity details (31)
Exploits (1)
EPSS
History (0)

Vulnerability ID	VCID-kgv2-t3zj-aaak
Aliases	CVE-2021-30663
Summary	An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.
Status	Published
Exploitability	2.0
Weighted Severity	8.0
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-190

Integer Overflow or Wraparound

System	Score	Found at
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30663.html
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:4381
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30663.json
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00215	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00428	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00428	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00428	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00428	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00428	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00428	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00428	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00428	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00428	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00428	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00428	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00428	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00465	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00465	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00465	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00465	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
epss	0.00529	https://api.first.org/data/v1/epss?cve=CVE-2021-30663
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1986872
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21775
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21779
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30663
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30665
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30689
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30720
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30734
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30744
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30749
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30758
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30795
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30797
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30799
cvssv2	6.8	https://nvd.nist.gov/vuln/detail/CVE-2021-30663
cvssv3	8.8	https://nvd.nist.gov/vuln/detail/CVE-2021-30663
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2021-30663
archlinux	High	https://security.archlinux.org/AVG-2220
archlinux	High	https://security.archlinux.org/AVG-2221
cvssv3.1	7.8	https://support.apple.com/en-us/HT212335
ssvc	Attend	https://support.apple.com/en-us/HT212335
cvssv3.1	7.8	https://support.apple.com/en-us/HT212336
ssvc	Attend	https://support.apple.com/en-us/HT212336
cvssv3.1	7.8	https://support.apple.com/en-us/HT212341
ssvc	Attend	https://support.apple.com/en-us/HT212341
cvssv3.1	7.8	https://support.apple.com/en-us/HT212532
ssvc	Attend	https://support.apple.com/en-us/HT212532
cvssv3.1	7.8	https://support.apple.com/en-us/HT212534
ssvc	Attend	https://support.apple.com/en-us/HT212534
generic_textual	Medium	https://ubuntu.com/security/notices/USN-5024-1

Reference id	Reference type	URL
		http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30663.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30663.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-30663
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21775
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21779
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30663
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30665
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30689
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30720
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30734
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30744
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30749
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30758
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30795
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30797
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30799
		https://support.apple.com/en-us/HT212335
		https://support.apple.com/en-us/HT212336
		https://support.apple.com/en-us/HT212341
		https://support.apple.com/en-us/HT212532
		https://support.apple.com/en-us/HT212534
		https://ubuntu.com/security/notices/USN-5024-1
1986872		https://bugzilla.redhat.com/show_bug.cgi?id=1986872
ASA-202107-67		https://security.archlinux.org/ASA-202107-67
ASA-202107-68		https://security.archlinux.org/ASA-202107-68
AVG-2220		https://security.archlinux.org/AVG-2220
AVG-2221		https://security.archlinux.org/AVG-2221
cpe:2.3:a:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:macos::::::::
cpe:2.3:a:apple:safari::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::
cpe:2.3:o:apple:ipados::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:apple:tvos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
CVE-2021-30663		https://nvd.nist.gov/vuln/detail/CVE-2021-30663
GLSA-202202-01		https://security.gentoo.org/glsa/202202-01
RHSA-2021:4381		https://access.redhat.com/errata/RHSA-2021:4381
USN-5024-1		https://usn.ubuntu.com/5024-1/

Data source	KEV
Date added	Nov. 3, 2021
Description	Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required action	Apply updates per vendor instructions.
Due date	Nov. 17, 2021
Note	https://nvd.nist.gov/vuln/detail/CVE-2021-30663
Ransomware campaign use	Unknown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30663.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-30663

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-30663

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-30663

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT212335

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T16:23:07Z/ Found at https://support.apple.com/en-us/HT212335

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT212336

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T16:23:07Z/ Found at https://support.apple.com/en-us/HT212336

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT212341

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T16:23:07Z/ Found at https://support.apple.com/en-us/HT212341

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT212532

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T16:23:07Z/ Found at https://support.apple.com/en-us/HT212532

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT212534

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T16:23:07Z/ Found at https://support.apple.com/en-us/HT212534

Exploit Prediction Scoring System (EPSS)

Percentile	0.35335
EPSS Score	0.00172
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.