Lucene search

K

GoogleOSV:CVE-2024-40789

HistoryJul 29, 2024 - 11:15 p.m.

CVE-2024-40789

2024-07-2923:15:12

Google

osv.dev

apple

out-of-bounds access

bounds checking

web content

process crash

security issue

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.7

Confidence

Low

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

References

seclists.org/fulldisclosure/2024/Jul/15

seclists.org/fulldisclosure/2024/Jul/16

seclists.org/fulldisclosure/2024/Jul/17

seclists.org/fulldisclosure/2024/Jul/18

seclists.org/fulldisclosure/2024/Jul/21

seclists.org/fulldisclosure/2024/Jul/22

seclists.org/fulldisclosure/2024/Jul/23

security-tracker.debian.org/tracker/CVE-2024-40789

support.apple.com/en-us/HT214116

support.apple.com/en-us/HT214117

support.apple.com/en-us/HT214119

support.apple.com/en-us/HT214121

support.apple.com/en-us/HT214122

support.apple.com/en-us/HT214123

support.apple.com/en-us/HT214124

support.apple.com/kb/HT214121

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.7

Confidence

Low

Related for OSV:CVE-2024-40789

cvelist1 ubuntucve1 cve1 vulnrichment1 nvd1 redhatcve1 debiancve1 nessus14 amazon1 fedora3 openvas13 osv7 apple7