Search for vulnerabilities
Vulnerability details: VCID-rxsk-9b1v-5bgd
Vulnerability ID VCID-rxsk-9b1v-5bgd
Aliases CVE-2021-30858
Summary A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30858.json
epss 0.01026 https://api.first.org/data/v1/epss?cve=CVE-2021-30858
epss 0.01026 https://api.first.org/data/v1/epss?cve=CVE-2021-30858
epss 0.01324 https://api.first.org/data/v1/epss?cve=CVE-2021-30858
epss 0.01324 https://api.first.org/data/v1/epss?cve=CVE-2021-30858
epss 0.01324 https://api.first.org/data/v1/epss?cve=CVE-2021-30858
epss 0.01324 https://api.first.org/data/v1/epss?cve=CVE-2021-30858
epss 0.01324 https://api.first.org/data/v1/epss?cve=CVE-2021-30858
epss 0.01324 https://api.first.org/data/v1/epss?cve=CVE-2021-30858
epss 0.01324 https://api.first.org/data/v1/epss?cve=CVE-2021-30858
epss 0.01324 https://api.first.org/data/v1/epss?cve=CVE-2021-30858
epss 0.01324 https://api.first.org/data/v1/epss?cve=CVE-2021-30858
epss 0.01324 https://api.first.org/data/v1/epss?cve=CVE-2021-30858
epss 0.01324 https://api.first.org/data/v1/epss?cve=CVE-2021-30858
epss 0.01324 https://api.first.org/data/v1/epss?cve=CVE-2021-30858
epss 0.01324 https://api.first.org/data/v1/epss?cve=CVE-2021-30858
epss 0.0136 https://api.first.org/data/v1/epss?cve=CVE-2021-30858
epss 0.0136 https://api.first.org/data/v1/epss?cve=CVE-2021-30858
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2021/Sep/25
ssvc Attend http://seclists.org/fulldisclosure/2021/Sep/25
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2021/Sep/27
ssvc Attend http://seclists.org/fulldisclosure/2021/Sep/27
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2021/Sep/29
ssvc Attend http://seclists.org/fulldisclosure/2021/Sep/29
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2021/Sep/38
ssvc Attend http://seclists.org/fulldisclosure/2021/Sep/38
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2021/Sep/39
ssvc Attend http://seclists.org/fulldisclosure/2021/Sep/39
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2021/Sep/50
ssvc Attend http://seclists.org/fulldisclosure/2021/Sep/50
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30858
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30858
archlinux High https://security.archlinux.org/AVG-2399
archlinux High https://security.archlinux.org/AVG-2400
cvssv3.1 8.8 https://support.apple.com/en-us/HT212804
ssvc Attend https://support.apple.com/en-us/HT212804
cvssv3.1 8.8 https://support.apple.com/en-us/HT212807
ssvc Attend https://support.apple.com/en-us/HT212807
cvssv3.1 8.8 https://support.apple.com/kb/HT212824
ssvc Attend https://support.apple.com/kb/HT212824
cvssv3.1 8.8 https://www.debian.org/security/2021/dsa-4975
ssvc Attend https://www.debian.org/security/2021/dsa-4975
cvssv3.1 8.8 https://www.debian.org/security/2021/dsa-4976
ssvc Attend https://www.debian.org/security/2021/dsa-4976
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2021/09/20/1
ssvc Attend http://www.openwall.com/lists/oss-security/2021/09/20/1
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2021/10/26/9
ssvc Attend http://www.openwall.com/lists/oss-security/2021/10/26/9
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2021/10/27/1
ssvc Attend http://www.openwall.com/lists/oss-security/2021/10/27/1
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2021/10/27/2
ssvc Attend http://www.openwall.com/lists/oss-security/2021/10/27/2
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2021/10/27/4
ssvc Attend http://www.openwall.com/lists/oss-security/2021/10/27/4
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30858.json
https://api.first.org/data/v1/epss?cve=CVE-2021-30858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45482
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1 http://www.openwall.com/lists/oss-security/2021/09/20/1
1 http://www.openwall.com/lists/oss-security/2021/10/27/1
2 http://www.openwall.com/lists/oss-security/2021/10/27/2
2006099 https://bugzilla.redhat.com/show_bug.cgi?id=2006099
25 http://seclists.org/fulldisclosure/2021/Sep/25
27 http://seclists.org/fulldisclosure/2021/Sep/27
29 http://seclists.org/fulldisclosure/2021/Sep/29
38 http://seclists.org/fulldisclosure/2021/Sep/38
39 http://seclists.org/fulldisclosure/2021/Sep/39
4 http://www.openwall.com/lists/oss-security/2021/10/27/4
50 http://seclists.org/fulldisclosure/2021/Sep/50
9 http://www.openwall.com/lists/oss-security/2021/10/26/9
AVG-2399 https://security.archlinux.org/AVG-2399
AVG-2400 https://security.archlinux.org/AVG-2400
BO6DMTHZR57JDBOXPSNR2MKDMCRWV265 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858
dsa-4975 https://www.debian.org/security/2021/dsa-4975
dsa-4976 https://www.debian.org/security/2021/dsa-4976
HT212804 https://support.apple.com/en-us/HT212804
HT212807 https://support.apple.com/en-us/HT212807
HT212824 https://support.apple.com/kb/HT212824
RHSA-2021:4097 https://access.redhat.com/errata/RHSA-2021:4097
RHSA-2021:4686 https://access.redhat.com/errata/RHSA-2021:4686
RHSA-2022:0059 https://access.redhat.com/errata/RHSA-2022:0059
RHSA-2022:0075 https://access.redhat.com/errata/RHSA-2022:0075
USN-5087-1 https://usn.ubuntu.com/5087-1/
XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/
Data source KEV
Date added Nov. 3, 2021
Description Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required action Apply updates per vendor instructions.
Due date Nov. 17, 2021
Note 
https://nvd.nist.gov/vuln/detail/CVE-2021-30858
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30858.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2021/Sep/25
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:31:17Z/ Found at http://seclists.org/fulldisclosure/2021/Sep/25
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2021/Sep/27
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:31:17Z/ Found at http://seclists.org/fulldisclosure/2021/Sep/27
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2021/Sep/29
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:31:17Z/ Found at http://seclists.org/fulldisclosure/2021/Sep/29
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2021/Sep/38
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:31:17Z/ Found at http://seclists.org/fulldisclosure/2021/Sep/38
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2021/Sep/39
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:31:17Z/ Found at http://seclists.org/fulldisclosure/2021/Sep/39
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2021/Sep/50
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:31:17Z/ Found at http://seclists.org/fulldisclosure/2021/Sep/50
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:31:17Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:31:17Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-30858
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-30858
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT212804
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:31:17Z/ Found at https://support.apple.com/en-us/HT212804
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT212807
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:31:17Z/ Found at https://support.apple.com/en-us/HT212807
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/kb/HT212824
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:31:17Z/ Found at https://support.apple.com/kb/HT212824
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2021/dsa-4975
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:31:17Z/ Found at https://www.debian.org/security/2021/dsa-4975
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2021/dsa-4976
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:31:17Z/ Found at https://www.debian.org/security/2021/dsa-4976
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/09/20/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:31:17Z/ Found at http://www.openwall.com/lists/oss-security/2021/09/20/1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/10/26/9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:31:17Z/ Found at http://www.openwall.com/lists/oss-security/2021/10/26/9
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/10/27/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:31:17Z/ Found at http://www.openwall.com/lists/oss-security/2021/10/27/1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/10/27/2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:31:17Z/ Found at http://www.openwall.com/lists/oss-security/2021/10/27/2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/10/27/4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:31:17Z/ Found at http://www.openwall.com/lists/oss-security/2021/10/27/4
Exploit Prediction Scoring System (EPSS)
Percentile 0.76374
EPSS Score 0.01026
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:36:19.763534+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.20/community.json 37.0.0