{"api_version":"1","generated_at":"2026-04-22T20:52:14+00:00","cve":"CVE-2021-30666","urls":{"html":"https://cve.report/CVE-2021-30666","api":"https://cve.report/api/cve/CVE-2021-30666.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-30666","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-30666"},"summary":{"title":"CVE-2021-30666","description":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2021-09-08 15:15:00","updated_at":"2022-07-12 17:42:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"https://support.apple.com/en-us/HT212341","name":"https://support.apple.com/en-us/HT212341","refsource":"MISC","tags":[],"title":"About the security content of iOS 12.5.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-30666","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-30666","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"30666","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2021","cve_id":"30666","cve":"CVE-2021-30666","vendorProject":"Apple","product":"iOS","vulnerabilityName":"Apple iOS WebKit Buffer Overflow Vulnerability","dateAdded":"2021-11-03","shortDescription":"Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2021-11-17","knownRansomwareCampaignUse":"Unknown","notes":"https://nvd.nist.gov/vuln/detail/CVE-2021-30666","cwes":"CWE-119","catalogVersion":"2026.04.22","updated_at":"2026-04-22 20:03:11"},"epss":{"cve_year":"2021","cve_id":"30666","cve":"CVE-2021-30666","epss":"0.014710000","percentile":"0.809670000","score_date":"2026-04-21","updated_at":"2026-04-22 00:07:42"},"legacy_qids":[{"cve":"CVE-2021-30666","qid":"180260","title":"Debian Security Update for wpewebkitwebkit2gtk (CVE-2021-30666)"},{"cve":"CVE-2021-30666","qid":"296065","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 39.107.1 Missing (CPUOCT2021)"},{"cve":"CVE-2021-30666","qid":"355438","title":"Amazon Linux Security Advisory for webkitgtk4 : ALAS2-2023-2088"},{"cve":"CVE-2021-30666","qid":"501936","title":"Alpine Linux Security Update for webkit2gtk"},{"cve":"CVE-2021-30666","qid":"505507","title":"Alpine Linux Security Update for webkit2gtk"},{"cve":"CVE-2021-30666","qid":"610336","title":"Apple iOS 12.5.3 Security Update Missing (HT212341)"},{"cve":"CVE-2021-30666","qid":"710570","title":"Gentoo Linux WebkitGTK+ Multiple Vulnerabilities (GLSA 202202-01)"},{"cve":"CVE-2021-30666","qid":"751623","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:0142-1)"},{"cve":"CVE-2021-30666","qid":"751646","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:0183-1)"},{"cve":"CVE-2021-30666","qid":"751648","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:0182-1)"},{"cve":"CVE-2021-30666","qid":"751659","title":"OpenSUSE Security Update for webkit2gtk3 (openSUSE-SU-2022:0182-1)"},{"cve":"CVE-2021-30666","qid":"751755","title":"OpenSUSE Security Update for webkit2gtk3 (openSUSE-SU-2022:0182-2)"},{"cve":"CVE-2021-30666","qid":"960761","title":"Rocky Linux Security Update for GNOME (RLSA-2020:4451)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-30666","ASSIGNER":"product-security@apple.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Apple","product":{"product_data":[{"product_name":"iOS","version":{"version_data":[{"version_affected":"<","version_value":"12.5"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212341","name":"https://support.apple.com/en-us/HT212341"}]},"description":{"description_data":[{"lang":"eng","value":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.."}]}},"nvd":{"publishedDate":"2021-09-08 15:15:00","lastModifiedDate":"2022-07-12 17:42:00","problem_types":["CWE-119"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"12.5.3","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"30666","Ordinal":"205944","Title":"CVE-2021-30666","CVE":"CVE-2021-30666","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"30666","Ordinal":"1","NoteData":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..","Type":"Description","Title":null},{"CveYear":"2021","CveId":"30666","Ordinal":"2","NoteData":"2021-09-08","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"30666","Ordinal":"3","NoteData":"2021-09-08","Type":"Other","Title":"Modified"}]}}}