Lucene search

K

GoogleOSV:CVE-2024-40780

HistoryJul 29, 2024 - 11:15 p.m.

CVE-2024-40780

2024-07-2923:15:11

Google

osv.dev

cve-2024-40780

bounds checking

apple products

malicious web content

process crash

security update

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.6

Confidence

Low

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

References

seclists.org/fulldisclosure/2024/Jul/15

seclists.org/fulldisclosure/2024/Jul/16

seclists.org/fulldisclosure/2024/Jul/17

seclists.org/fulldisclosure/2024/Jul/18

seclists.org/fulldisclosure/2024/Jul/21

seclists.org/fulldisclosure/2024/Jul/22

seclists.org/fulldisclosure/2024/Jul/23

security-tracker.debian.org/tracker/CVE-2024-40780

support.apple.com/en-us/HT214116

support.apple.com/en-us/HT214117

support.apple.com/en-us/HT214119

support.apple.com/en-us/HT214121

support.apple.com/en-us/HT214122

support.apple.com/en-us/HT214123

support.apple.com/en-us/HT214124

www.secpod.com/blog/apple-fixes-multiple-security-vulnerabilities-in-july-2024-updates/

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.6

Confidence

Low

Related for OSV:CVE-2024-40780

debiancve1 cve1 redhatcve1 vulnrichment1 cvelist1 nvd1 nessus16 osv9 openvas15 amazon1 fedora3 apple7