{"api_version":"1","generated_at":"2026-04-23T00:40:11+00:00","cve":"CVE-2021-30736","urls":{"html":"https://cve.report/CVE-2021-30736","api":"https://cve.report/api/cve/CVE-2021-30736.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-30736","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-30736"},"summary":{"title":"CVE-2021-30736","description":"A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An application may be able to execute arbitrary code with kernel privileges.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2021-09-08 14:15:00","updated_at":"2023-01-09 16:41:00"},"problem_types":["CWE-120"],"metrics":[],"references":[{"url":"https://support.apple.com/en-us/HT212533","name":"https://support.apple.com/en-us/HT212533","refsource":"MISC","tags":[],"title":"About the security content of watchOS 7.5 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT212532","name":"https://support.apple.com/en-us/HT212532","refsource":"MISC","tags":[],"title":"About the security content of tvOS 14.6 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT212529","name":"https://support.apple.com/en-us/HT212529","refsource":"MISC","tags":[],"title":"About the security content of macOS Big Sur 11.4 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT212528","name":"https://support.apple.com/en-us/HT212528","refsource":"MISC","tags":[],"title":"About the security content of iOS 14.6 and iPadOS 14.6 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-30736","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-30736","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"30736","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"30736","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipad_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"30736","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"30736","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"30736","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"30736","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"30736","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-30736","qid":"375588","title":"Apple MacOS Big Sur 11.4 Not Installed (HT212529)"},{"cve":"CVE-2021-30736","qid":"610342","title":"Apple iOS 14.6 and iPadOS 14.6 Security Update Missing"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-30736","ASSIGNER":"product-security@apple.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Apple","product":{"product_data":[{"product_name":"iOS and iPadOS","version":{"version_data":[{"version_affected":"<","version_value":"14.6"}]}},{"product_name":"macOS","version":{"version_data":[{"version_affected":"<","version_value":"11.4"}]}},{"product_name":"macOS","version":{"version_data":[{"version_affected":"<","version_value":"14.6"}]}},{"product_name":"macOS","version":{"version_data":[{"version_affected":"<","version_value":"7.5"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"An application may be able to execute arbitrary code with kernel privileges"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212528","name":"https://support.apple.com/en-us/HT212528"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212529","name":"https://support.apple.com/en-us/HT212529"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212532","name":"https://support.apple.com/en-us/HT212532"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212533","name":"https://support.apple.com/en-us/HT212533"}]},"description":{"description_data":[{"lang":"eng","value":"A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An application may be able to execute arbitrary code with kernel privileges."}]}},"nvd":{"publishedDate":"2021-09-08 14:15:00","lastModifiedDate":"2023-01-09 16:41:00","problem_types":["CWE-120"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"14.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"7.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"14.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"14.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.1","versionEndExcluding":"11.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"30736","Ordinal":"206014","Title":"CVE-2021-30736","CVE":"CVE-2021-30736","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"30736","Ordinal":"1","NoteData":"A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An application may be able to execute arbitrary code with kernel privileges.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"30736","Ordinal":"2","NoteData":"2021-09-08","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"30736","Ordinal":"3","NoteData":"2021-09-08","Type":"Other","Title":"Modified"}]}}}