CVE-2021-30983

ENISA EUVD: EUVD-2021-17900 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 2 articles Published: 2021-08-24

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

0.5%

probability

This CVE has a 0.5% probability of being exploited in the next 30 days.

0% Top 66.2th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.8

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

9.3

HIGH

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Description

VulnerabilityLookup (CNA)

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges.

Affected Products

Apple

iOS and iPadOS

unspecified

apple

ipados

apple

iphone os

Apple

iOS and iPadOS

unspecified <15.2

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-120 · Buffer Copy without Size Check CWE-664 · Improper Control of a Resource Through its Lifetime CWE-787 · Out-of-bounds Write

Google Project Zero

Patched

Dec. 13, 2021

Reported by

Pangu via Tianfu Cup

Root Cause Analysis

???

https://support.apple.com/en-us/HT212976

x_refsource_MISC

Signal Intelligence

Confidenceⓘ

95%

EPSS 0.5%

CVSS v3.1 7.8

Mentions 2

CNA Information

CNA Assigner

apple

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Triage Info

Decided atMar 05, 2026

Published DateAug 24, 2021