Lucene search

[email protected]CVE-2019-8608

HistoryDec 18, 2019 - 6:15 p.m.

CVE-2019-8608

2019-12-1818:15:00

CWE-787

CWE-416

[email protected]

web.nvd.nist.gov

162

cve-2019-8608

memory corruption

ios

macos

security update

arbitrary code execution

nvd

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

8.1 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.5%

JSON

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

CPENameOperatorVersion
apple:icloudapple icloudlt7.12
apple:itunesapple ituneslt12.9.5
apple:safariapple safarilt12.1.1
apple:iphone_osapple iphone oslt12.3
apple:tvosapple tvoslt12.3
apple:mac_os_xapple mac os xlt10.14.5

CPE	Name	Operator	Version
apple:icloud	apple icloud	lt	7.12
apple:itunes	apple itunes	lt	12.9.5
apple:safari	apple safari	lt	12.1.1
apple:iphone_os	apple iphone os	lt	12.3
apple:tvos	apple tvos	lt	12.3
apple:mac_os_x	apple mac os x	lt	10.14.5