cve-2016-1857

Vulnerability from cvelistv5

Published

2016-05-20 10:00

Modified

2024-08-05 23:10

Severity ?

Summary

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/May/msg00001.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/May/msg00005.html	Mailing List, Vendor Advisory
product-security@apple.com	http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securityfocus.com/archive/1/538522/100/0/threaded	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securitytracker.com/id/1035888	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.zerodayinitiative.com/advisories/ZDI-16-343	Third Party Advisory, VDB Entry
product-security@apple.com	https://support.apple.com/HT206564	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT206565	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT206568	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/May/msg00001.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/May/msg00005.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/538522/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035888	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-16-343	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206564	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206565	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206568	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:10:39.878Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2016-05-16-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00005.html"
          },
          {
            "name": "1035888",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035888"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206564"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-343"
          },
          {
            "name": "APPLE-SA-2016-05-16-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206565"
          },
          {
            "name": "20160530 WebKitGTK+ Security Advisory WSA-2016-0004",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/538522/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206568"
          },
          {
            "name": "APPLE-SA-2016-05-16-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "APPLE-SA-2016-05-16-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00005.html"
        },
        {
          "name": "1035888",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035888"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206564"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-343"
        },
        {
          "name": "APPLE-SA-2016-05-16-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206565"
        },
        {
          "name": "20160530 WebKitGTK+ Security Advisory WSA-2016-0004",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/538522/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206568"
        },
        {
          "name": "APPLE-SA-2016-05-16-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-1857",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2016-05-16-5",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00005.html"
            },
            {
              "name": "1035888",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035888"
            },
            {
              "name": "http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html"
            },
            {
              "name": "https://support.apple.com/HT206564",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206564"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-343",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-343"
            },
            {
              "name": "APPLE-SA-2016-05-16-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html"
            },
            {
              "name": "https://support.apple.com/HT206565",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206565"
            },
            {
              "name": "20160530 WebKitGTK+ Security Advisory WSA-2016-0004",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/538522/100/0/threaded"
            },
            {
              "name": "https://support.apple.com/HT206568",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206568"
            },
            {
              "name": "APPLE-SA-2016-05-16-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2016-1857",
    "datePublished": "2016-05-20T10:00:00",
    "dateReserved": "2016-01-13T00:00:00",
    "dateUpdated": "2024-08-05T23:10:39.878Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.1.1\", \"matchCriteriaId\": \"126B016F-E036-4ED2-B123-844E19B701B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.3.2\", \"matchCriteriaId\": \"6E8ECB34-7053-47AD-8EB2-EE5DDE03E37A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.2.1\", \"matchCriteriaId\": \"9918C95C-B5F9-4741-893D-828F18F20D9A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:webkitgtk:webkitgtk\\\\+:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.12.3\", \"matchCriteriaId\": \"D5546D7F-9847-4F56-AA84-B64A6760680A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.\"}, {\"lang\": \"es\", \"value\": \"WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, Safari en versiones anteriores a 9.1.1 y tvOS en versiones anteriores a 9.2.1, permite a atacantes remotos ejecutar c\\u00f3digo arbitrario o causar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de memoria) a trav\\u00e9s de una p\\u00e1gina web manipulada, una vulnerabilidad diferente a CVE-2016-1854, CVE-2016-1855 y CVE-2016-1856.\"}]",
      "id": "CVE-2016-1857",
      "lastModified": "2024-11-21T02:47:13.743",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2016-05-20T11:00:11.053",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2016/May/msg00001.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/May/msg00002.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/May/msg00005.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/538522/100/0/threaded\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1035888\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-16-343\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.apple.com/HT206564\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT206565\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT206568\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/May/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/May/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/May/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/538522/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1035888\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-16-343\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.apple.com/HT206564\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT206565\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT206568\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-1857\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2016-05-20T11:00:11.053\",\"lastModified\":\"2024-11-21T02:47:13.743\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.\"},{\"lang\":\"es\",\"value\":\"WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, Safari en versiones anteriores a 9.1.1 y tvOS en versiones anteriores a 9.2.1, permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de una p\u00e1gina web manipulada, una vulnerabilidad diferente a CVE-2016-1854, CVE-2016-1855 y CVE-2016-1856.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.1.1\",\"matchCriteriaId\":\"126B016F-E036-4ED2-B123-844E19B701B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.3.2\",\"matchCriteriaId\":\"6E8ECB34-7053-47AD-8EB2-EE5DDE03E37A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.1\",\"matchCriteriaId\":\"9918C95C-B5F9-4741-893D-828F18F20D9A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webkitgtk:webkitgtk\\\\+:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.12.3\",\"matchCriteriaId\":\"D5546D7F-9847-4F56-AA84-B64A6760680A\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2016/May/msg00001.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/May/msg00002.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/May/msg00005.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/538522/100/0/threaded\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1035888\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-16-343\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT206564\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT206565\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT206568\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/May/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/May/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/May/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/538522/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1035888\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-16-343\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT206564\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT206565\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT206568\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

gsd-2016-1857

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-1857

Aliases

CVE-2016-1857

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1857",
    "description": "WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.",
    "id": "GSD-2016-1857",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-1857.html",
      "https://ubuntu.com/security/CVE-2016-1857",
      "https://advisories.mageia.org/CVE-2016-1857.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1857"
      ],
      "details": "WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.",
      "id": "GSD-2016-1857",
      "modified": "2023-12-13T01:21:24.857362Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2016-1857",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2016-05-16-5",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00005.html"
          },
          {
            "name": "1035888",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1035888"
          },
          {
            "name": "http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html"
          },
          {
            "name": "https://support.apple.com/HT206564",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT206564"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-343",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-343"
          },
          {
            "name": "APPLE-SA-2016-05-16-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html"
          },
          {
            "name": "https://support.apple.com/HT206565",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT206565"
          },
          {
            "name": "20160530 WebKitGTK+ Security Advisory WSA-2016-0004",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/538522/100/0/threaded"
          },
          {
            "name": "https://support.apple.com/HT206568",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT206568"
          },
          {
            "name": "APPLE-SA-2016-05-16-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.12.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-1857"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT206565",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT206565"
            },
            {
              "name": "https://support.apple.com/HT206568",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT206568"
            },
            {
              "name": "https://support.apple.com/HT206564",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT206564"
            },
            {
              "name": "APPLE-SA-2016-05-16-5",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00005.html"
            },
            {
              "name": "APPLE-SA-2016-05-16-1",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html"
            },
            {
              "name": "APPLE-SA-2016-05-16-2",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html"
            },
            {
              "name": "1035888",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1035888"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-343",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-343"
            },
            {
              "name": "20160530 WebKitGTK+ Security Advisory WSA-2016-0004",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/538522/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-03-25T17:09Z",
      "publishedDate": "2016-05-20T11:00Z"
    }
  }
}

var-201605-0427

Vulnerability from variot

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856. Apple iOS , Safari and tvOS Used in etc. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of ArrayBuffer objects. By triggering certain JavaScript optimizations, an attacker can force an ArrayBuffer in memory to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Failed exploit attempts may result in a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; watchOS is an operating system for smart watches. Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome.

Ubuntu Security Notice USN-3079-1 September 14, 2016

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in WebKitGTK+.

Software Description: - webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection

Details:

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.12.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.12.5-0ubuntu0.16.04.1

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-3079-1 CVE-2016-1854, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858, CVE-2016-1859, CVE-2016-4583, CVE-2016-4585, CVE-2016-4586, CVE-2016-4588, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651

Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.12.5-0ubuntu0.16.04.1

. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2016-0004

Date reported : May 30, 2016 Advisory ID : WSA-2016-0004 Advisory URL : http://webkitgtk.org/security/WSA-2016-0004.html CVE identifiers : CVE-2016-1854, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858, CVE-2016-1859.

Several vulnerabilities were discovered in WebKitGTK+.

CVE-2016-1854 Versions affected: WebKitGTK+ before 2.12.1. Credit to Anonymous working with Trend Micro's Zero Day Initiative.

CVE-2016-1856 Versions affected: WebKitGTK+ before 2.12.1. Credit to lokihardt working with Trend Micro's Zero Day Initiative.

CVE-2016-1857 Versions affected: WebKitGTK+ before 2.12.3. Credit to Jeonghoon Shin@A.D.D and Liang Chen, Zhen Feng, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative.

CVE-2016-1858 Versions affected: WebKitGTK+ before 2.12.0. Credit to Anonymous.

CVE-2016-1859 Versions affected: WebKitGTK+ before 2.12.1. Credit to Liang Chen, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative.

We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases.

Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html

The WebKitGTK+ team, May 30, 2016

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-05-16-5 Safari 9.1.1

Safari 9.1.1 is now available and addresses the following:

Safari Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5 Impact: A user may be unable to fully delete browsing history Description: "Clear History and Website Data" did not clear the history. The issue was addressed through improved data deletion. CVE-ID CVE-2016-1849 : Adham Ghrayeb

WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5 Impact: Visiting a malicious website may disclose data from another website Description: An insufficient taint tracking issue in the parsing of svg images was addressed through improved taint tracking. CVE-ID CVE-2016-1858 : an anonymous researcher

WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day Initiative CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day Initiative CVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative

WebKit Canvas Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling.

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXOj0LAAoJEIOj74w0bLRGg00P/15+B1ltGhgazsTVc8eZVaC+ LVe24/wN8yTv8I5N23JLFRcMopJj7GFSEU+ApYvgkgw2U3w5sku7Vz0scG2YYHca ubfUP3GdIsNlgaDMUvBCS3dUyzbK85AYZHhcAvQ4nL60Ttjk2wi9YpnKuY7eTEwi GnMmfuRdmsN6pEIUofCrwtYw2zC4Yte/iyxZSc9vQthqjLqn992FBrWZO6NLnhK8 P1NusAo/Eby/Z8xftS+foHGEcZg2zuKDkJsoHgN+HwiuO8bdiA9ZeqbH2iQIymbo N/PRIP2E1W/RXFodit16oA3PjoHs813WOyoc85mG8yLNOoLXcdpSWqosDKUhrXsF FL4H+O0XCUUDEzYr+kyqj+tvNn3UwnNEcW6ZgyrWBU2w93CG1MpR9eTr4o/xxLd3 2gN4mj8PvK/Or2TVKFBB5rRb+SIKjPqrDyB/NJyqnaLurnuEYjMZv7nM6U3HDFql XxZ3b3jq0uoBXOAAiSm1g6MFgcjkZLcvM55CkljQha5SKCgrUnZ52jsDPqXGfNL7 CUcTUQ8VTtXknASYo6c1dOZs0snCkHNK84iFZdELwQz8t4R6ERH0YmV8yuplqOe2 SoYDJig8OkfdQK3HaL6MTNn7flwAsb/YV17nVYZxINYbkF88ticAH4l/KuCPQyXL 6xvn35QzPS6xQsexYsbi =Ybx7 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0427",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.3.2"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.1.1"
      },
      {
        "model": "webkitgtk\\+",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "webkitgtk",
        "version": "2.12.3"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.3.2   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.3.2   (iphone 4s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.3.2   (ipod touch first  5 after generation )"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.1.1   (os x el capitan v10.11.5)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.1.1   (os x mavericks v10.9.5)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.1.1   (os x yosemite v10.10.5)"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.2.1   (apple tv first  4 generation )"
      },
      {
        "model": "safari",
        "scope": null,
        "trust": 0.7,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "9.3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "open source project webkit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webkit",
        "version": "0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.7"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-343"
      },
      {
        "db": "BID",
        "id": "90689"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002850"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-472"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.12.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1857"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Liang Chen of KeenLab Tencent Zhen Feng of KeenLab Tencent wushi of KeenLab Tencent",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-343"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2016-1857",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-1857",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.6,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-90676",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-1857",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-1857",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2016-1857",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201605-472",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90676",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-1857",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-343"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90676"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1857"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002850"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-472"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856. Apple iOS , Safari and tvOS Used in etc. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of ArrayBuffer objects. By triggering certain JavaScript optimizations, an attacker can force an ArrayBuffer in memory to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Failed exploit attempts may result  in a   denial-of-service condition. Apple iOS is an operating system developed for mobile devices; watchOS is an operating system for smart watches. Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. \n===========================================================================\nUbuntu Security Notice USN-3079-1\nSeptember 14, 2016\n\nwebkit2gtk vulnerabilities\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK+. \n\nSoftware Description:\n- webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection\n\nDetails:\n\nA large number of security issues were discovered in the WebKitGTK+ Web and\nJavaScript engines. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libjavascriptcoregtk-4.0-18     2.12.5-0ubuntu0.16.04.1\n  libwebkit2gtk-4.0-37            2.12.5-0ubuntu0.16.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK+, such as Epiphany, to make all the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-3079-1\n  CVE-2016-1854, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858,\n  CVE-2016-1859, CVE-2016-4583, CVE-2016-4585, CVE-2016-4586,\n  CVE-2016-4588, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591,\n  CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/webkit2gtk/2.12.5-0ubuntu0.16.04.1\n\n\n\n. ------------------------------------------------------------------------\nWebKitGTK+ Security Advisory                               WSA-2016-0004\n------------------------------------------------------------------------\n\nDate reported      : May 30, 2016\nAdvisory ID        : WSA-2016-0004\nAdvisory URL       : http://webkitgtk.org/security/WSA-2016-0004.html\nCVE identifiers    : CVE-2016-1854, CVE-2016-1856, CVE-2016-1857,\n                     CVE-2016-1858, CVE-2016-1859. \n\nSeveral vulnerabilities were discovered in WebKitGTK+. \n\nCVE-2016-1854\n    Versions affected: WebKitGTK+ before 2.12.1. \n    Credit to Anonymous working with Trend Micro\u0027s Zero Day Initiative. \n\nCVE-2016-1856\n    Versions affected: WebKitGTK+ before 2.12.1. \n    Credit to lokihardt working with Trend Micro\u0027s Zero Day Initiative. \n\nCVE-2016-1857\n    Versions affected: WebKitGTK+ before 2.12.3. \n    Credit to Jeonghoon Shin@A.D.D and Liang Chen, Zhen Feng, wushi of\n    KeenLab, Tencent working with Trend Micro\u0027s Zero Day Initiative. \n\nCVE-2016-1858\n    Versions affected: WebKitGTK+ before 2.12.0. \n    Credit to Anonymous. \n\nCVE-2016-1859\n    Versions affected: WebKitGTK+ before 2.12.1. \n    Credit to Liang Chen, wushi of KeenLab, Tencent working with Trend\n    Micro\u0027s Zero Day Initiative. \n\n\nWe recommend updating to the last stable version of WebKitGTK+. It is\nthe best way of ensuring that you are running a safe version of\nWebKitGTK+. Please check our website for information about the last\nstable releases. \n\nFurther information about WebKitGTK+ Security Advisories can be found\nat: http://webkitgtk.org/security.html\n\nThe WebKitGTK+ team,\nMay 30, 2016\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-05-16-5 Safari 9.1.1\n\nSafari 9.1.1 is now available and addresses the following:\n\nSafari\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11.5\nImpact:  A user may be unable to fully delete browsing history\nDescription:  \"Clear History and Website Data\" did not clear the\nhistory. The issue was addressed through improved data deletion. \nCVE-ID\nCVE-2016-1849 : Adham Ghrayeb\n\nWebKit\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11.5\nImpact:  Visiting a malicious website may disclose data from another\nwebsite\nDescription:  An insufficient taint tracking issue in the parsing of\nsvg images was addressed through improved taint tracking. \nCVE-ID\nCVE-2016-1858 : an anonymous researcher\n\nWebKit\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11.5\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1854 : Anonymous working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks\nCVE-2016-1856 : lokihardt working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of\nKeenLab, Tencent working with Trend Micro\u0027s Zero Day Initiative\n\nWebKit Canvas\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11.5\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXOj0LAAoJEIOj74w0bLRGg00P/15+B1ltGhgazsTVc8eZVaC+\nLVe24/wN8yTv8I5N23JLFRcMopJj7GFSEU+ApYvgkgw2U3w5sku7Vz0scG2YYHca\nubfUP3GdIsNlgaDMUvBCS3dUyzbK85AYZHhcAvQ4nL60Ttjk2wi9YpnKuY7eTEwi\nGnMmfuRdmsN6pEIUofCrwtYw2zC4Yte/iyxZSc9vQthqjLqn992FBrWZO6NLnhK8\nP1NusAo/Eby/Z8xftS+foHGEcZg2zuKDkJsoHgN+HwiuO8bdiA9ZeqbH2iQIymbo\nN/PRIP2E1W/RXFodit16oA3PjoHs813WOyoc85mG8yLNOoLXcdpSWqosDKUhrXsF\nFL4H+O0XCUUDEzYr+kyqj+tvNn3UwnNEcW6ZgyrWBU2w93CG1MpR9eTr4o/xxLd3\n2gN4mj8PvK/Or2TVKFBB5rRb+SIKjPqrDyB/NJyqnaLurnuEYjMZv7nM6U3HDFql\nXxZ3b3jq0uoBXOAAiSm1g6MFgcjkZLcvM55CkljQha5SKCgrUnZ52jsDPqXGfNL7\nCUcTUQ8VTtXknASYo6c1dOZs0snCkHNK84iFZdELwQz8t4R6ERH0YmV8yuplqOe2\nSoYDJig8OkfdQK3HaL6MTNn7flwAsb/YV17nVYZxINYbkF88ticAH4l/KuCPQyXL\n6xvn35QzPS6xQsexYsbi\n=Ybx7\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1857"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002850"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-343"
      },
      {
        "db": "BID",
        "id": "90689"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90676"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1857"
      },
      {
        "db": "PACKETSTORM",
        "id": "138715"
      },
      {
        "db": "PACKETSTORM",
        "id": "137229"
      },
      {
        "db": "PACKETSTORM",
        "id": "137089"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1857",
        "trust": 3.9
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-343",
        "trust": 2.5
      },
      {
        "db": "PACKETSTORM",
        "id": "137229",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1035888",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91632741",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002850",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3619",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-472",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "90689",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-90676",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1857",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138715",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137089",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-343"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90676"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1857"
      },
      {
        "db": "BID",
        "id": "90689"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002850"
      },
      {
        "db": "PACKETSTORM",
        "id": "138715"
      },
      {
        "db": "PACKETSTORM",
        "id": "137229"
      },
      {
        "db": "PACKETSTORM",
        "id": "137089"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-472"
      }
    ]
  },
  "id": "VAR-201605-0427",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90676"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-26T19:38:43.429000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT206568",
        "trust": 1.5,
        "url": "https://support.apple.com/en-us/ht206568"
      },
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "title": "APPLE-SA-2016-05-16-2 iOS 9.3.2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00002.html"
      },
      {
        "title": "APPLE-SA-2016-05-16-1 tvOS 9.2.1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00001.html"
      },
      {
        "title": "APPLE-SA-2016-05-16-5 Safari 9.1.1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00005.html"
      },
      {
        "title": "HT206564",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206564"
      },
      {
        "title": "HT206565",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206565"
      },
      {
        "title": "HT206564",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206564"
      },
      {
        "title": "HT206565",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206565"
      },
      {
        "title": "HT206568",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206568"
      },
      {
        "title": "Apple iOS , watchOS , Safari WebKit Fixes for arbitrary code execution vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61786"
      },
      {
        "title": "Ubuntu Security Notice: webkit2gtk vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3079-1"
      },
      {
        "title": "PegMii-Boogaloo",
        "trust": 0.1,
        "url": "https://github.com/hedgeberg/pegmii-boogaloo "
      },
      {
        "title": "Case Study of JavaScript Engine Vulnerabilities",
        "trust": 0.1,
        "url": "https://github.com/tunz/js-vuln-db "
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/lnick2023/nicenice "
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/qazbnm456/awesome-cve-poc "
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-343"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1857"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-472"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90676"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002850"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1857"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00001.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00002.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00005.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/archive/1/538522/100/0/threaded"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206564"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206565"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206568"
      },
      {
        "trust": 1.8,
        "url": "http://packetstormsecurity.com/files/137229/webkitgtk-code-execution-denial-of-service-memory-corruption.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-343"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1035888"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1857"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91632741/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1857"
      },
      {
        "trust": 0.7,
        "url": "https://support.apple.com/en-us/ht206568"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/safari/download/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipad/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipodtouch/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1854"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1856"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1859"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1857"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1858"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/hedgeberg/pegmii-boogaloo"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/90689"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3079-1/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-3079-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4623"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4651"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4586"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.12.5-0ubuntu0.16.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4591"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4583"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4590"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4624"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4589"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4622"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4585"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4588"
      },
      {
        "trust": 0.1,
        "url": "http://webkitgtk.org/security.html"
      },
      {
        "trust": 0.1,
        "url": "http://webkitgtk.org/security/wsa-2016-0004.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1855"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1849"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht201222"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-343"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90676"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1857"
      },
      {
        "db": "BID",
        "id": "90689"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002850"
      },
      {
        "db": "PACKETSTORM",
        "id": "138715"
      },
      {
        "db": "PACKETSTORM",
        "id": "137229"
      },
      {
        "db": "PACKETSTORM",
        "id": "137089"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-472"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-16-343"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90676"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1857"
      },
      {
        "db": "BID",
        "id": "90689"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002850"
      },
      {
        "db": "PACKETSTORM",
        "id": "138715"
      },
      {
        "db": "PACKETSTORM",
        "id": "137229"
      },
      {
        "db": "PACKETSTORM",
        "id": "137089"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-472"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-19T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-343"
      },
      {
        "date": "2016-05-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90676"
      },
      {
        "date": "2016-05-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1857"
      },
      {
        "date": "2016-05-16T00:00:00",
        "db": "BID",
        "id": "90689"
      },
      {
        "date": "2016-05-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002850"
      },
      {
        "date": "2016-09-14T16:52:04",
        "db": "PACKETSTORM",
        "id": "138715"
      },
      {
        "date": "2016-05-30T16:44:10",
        "db": "PACKETSTORM",
        "id": "137229"
      },
      {
        "date": "2016-05-17T16:10:15",
        "db": "PACKETSTORM",
        "id": "137089"
      },
      {
        "date": "2016-05-20T11:00:11.053000",
        "db": "NVD",
        "id": "CVE-2016-1857"
      },
      {
        "date": "2016-05-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-472"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-19T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-343"
      },
      {
        "date": "2019-03-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90676"
      },
      {
        "date": "2019-03-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1857"
      },
      {
        "date": "2016-07-06T14:52:00",
        "db": "BID",
        "id": "90689"
      },
      {
        "date": "2016-05-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002850"
      },
      {
        "date": "2019-03-25T17:09:42.523000",
        "db": "NVD",
        "id": "CVE-2016-1857"
      },
      {
        "date": "2019-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-472"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "138715"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-472"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Used in products  Webkit Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002850"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-472"
      }
    ],
    "trust": 0.6
  }
}

ghsa-68cm-fjjx-wg58

Vulnerability from github

Published

2022-05-14 01:16

Modified

2022-05-14 01:16

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1857"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-05-20T11:00:00Z",
    "severity": "HIGH"
  },
  "details": "WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.",
  "id": "GHSA-68cm-fjjx-wg58",
  "modified": "2022-05-14T01:16:35Z",
  "published": "2022-05-14T01:16:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1857"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206564"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206565"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206568"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/538522/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035888"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-343"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2016-1857

Vulnerability from fkie_nvd

Published

2016-05-20 11:00

Modified

2024-11-21 02:47

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/May/msg00001.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/May/msg00005.html	Mailing List, Vendor Advisory
product-security@apple.com	http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securityfocus.com/archive/1/538522/100/0/threaded	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securitytracker.com/id/1035888	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.zerodayinitiative.com/advisories/ZDI-16-343	Third Party Advisory, VDB Entry
product-security@apple.com	https://support.apple.com/HT206564	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT206565	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT206568	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/May/msg00001.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/May/msg00005.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/538522/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035888	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-16-343	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206564	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206565	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206568	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	safari	*
apple	iphone_os	*
apple	tvos	*
webkitgtk	webkitgtk\+	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "126B016F-E036-4ED2-B123-844E19B701B7",
              "versionEndExcluding": "9.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8ECB34-7053-47AD-8EB2-EE5DDE03E37A",
              "versionEndExcluding": "9.3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9918C95C-B5F9-4741-893D-828F18F20D9A",
              "versionEndExcluding": "9.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5546D7F-9847-4F56-AA84-B64A6760680A",
              "versionEndExcluding": "2.12.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856."
    },
    {
      "lang": "es",
      "value": "WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, Safari en versiones anteriores a 9.1.1 y tvOS en versiones anteriores a 9.2.1, permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de una p\u00e1gina web manipulada, una vulnerabilidad diferente a CVE-2016-1854, CVE-2016-1855 y CVE-2016-1856."
    }
  ],
  "id": "CVE-2016-1857",
  "lastModified": "2024-11-21T02:47:13.743",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-05-20T11:00:11.053",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00005.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/538522/100/0/threaded"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1035888"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-343"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206564"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206565"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/538522/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1035888"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206564"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206568"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2016-1857

Vulnerability from cvelistv5

gsd-2016-1857

Vulnerability from gsd

var-201605-0427

Vulnerability from variot

webkit2gtk vulnerabilities

ghsa-68cm-fjjx-wg58

Vulnerability from github

cve-2016-1857

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature