cve-2018-4210

Vulnerability from cvelistv5

Published

2019-01-11 18:00

Modified

2024-08-05 05:04

Severity ?

Summary

References

URL	Tags
product-security@apple.com	https://security.gentoo.org/glsa/201812-04	Third Party Advisory
product-security@apple.com	https://support.apple.com/HT208693%2C
product-security@apple.com	https://support.apple.com/HT208694%2C
product-security@apple.com	https://support.apple.com/HT208695%2C
product-security@apple.com	https://support.apple.com/HT208698	Vendor Advisory
product-security@apple.com	https://usn.ubuntu.com/3781-1/	Third Party Advisory

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:04:29.852Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208695%2C"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208694%2C"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208698"
          },
          {
            "name": "USN-3781-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3781-1/"
          },
          {
            "name": "GLSA-201812-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201812-04"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208693%2C"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-12T10:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT208695%2C"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT208694%2C"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208698"
        },
        {
          "name": "USN-3781-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3781-1/"
        },
        {
          "name": "GLSA-201812-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201812-04"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT208693%2C"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2018-4210",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT208695,",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT208695,"
            },
            {
              "name": "https://support.apple.com/HT208694,",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT208694,"
            },
            {
              "name": "https://support.apple.com/HT208698",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208698"
            },
            {
              "name": "USN-3781-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3781-1/"
            },
            {
              "name": "GLSA-201812-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201812-04"
            },
            {
              "name": "https://support.apple.com/HT208693,",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT208693,"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2018-4210",
    "datePublished": "2019-01-11T18:00:00",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-08-05T05:04:29.852Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-4210\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2019-01-11T18:29:02.047\",\"lastModified\":\"2023-11-07T02:58:22.647\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.\"},{\"lang\":\"es\",\"value\":\"En iOS en versiones anteriores a la 11.3, Safari en versiones anteriores a la 11.1, tvOS en versiones anteriores a la 11.3, watchOS en versiones anteriores a la 4.3 e iTunes en versiones anteriores a la 12.7.4 para Windows, exist\u00eda un problema de indexaci\u00f3n de arrays en el manejo de una funci\u00f3n en el n\u00facleo de JavaScript. Este problema se abord\u00f3 mediante la mejora de las comprobaciones.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-129\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.1\",\"matchCriteriaId\":\"2683E773-F7E6-4B5A-B341-F34EC83368BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\",\"matchCriteriaId\":\"1AE9DC77-7A0A-47A4-9B85-6CCCFDE5B313\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\",\"matchCriteriaId\":\"2027A893-A9F8-4594-89B3-FEAFD69AB877\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3\",\"matchCriteriaId\":\"360435F9-FC38-422B-8888-3656AF59A3BF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.7.4\",\"matchCriteriaId\":\"C7F515A1-9B93-4D6F-A269-CAEDEC1DD85E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webkitgtk:webkitgtk\\\\+:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.22.0\",\"matchCriteriaId\":\"88FDF90F-747A-4D61-B1C1-4993CCF4295F\"}]}]}],\"references\":[{\"url\":\"https://security.gentoo.org/glsa/201812-04\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/HT208693%2C\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT208694%2C\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT208695%2C\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT208698\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3781-1/\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

ghsa-2mw9-fq32-5hx4

Vulnerability from github

Published

2022-05-14 01:24

Modified

2022-05-14 01:24

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-4210"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-129"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-11T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.",
  "id": "GHSA-2mw9-fq32-5hx4",
  "modified": "2022-05-14T01:24:08Z",
  "published": "2022-05-14T01:24:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4210"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201812-04"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208693,"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208694,"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208695,"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208698"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3781-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks. plural Apple Product javascript An array index vulnerability exists in the processing of functions in the core.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. iTunes for Windows is a media player application based on the Windows platform. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. The following products and versions are affected: Apple iOS prior to 11.3; Safari prior to 11.1; tvOS prior to 11.3; watchOS prior to 4.3; Windows-based iTunes prior to 12.7.4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201812-04

                                       https://security.gentoo.org/

Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: December 02, 2018 Bugs: #667892 ID: 201812-04

Synopsis

Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution.

Background

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-libs/webkit-gtk < 2.22.0 >= 2.22.0

Description

Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All WebkitGTK+ users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.0"

References

[ 1 ] CVE-2018-4191 https://nvd.nist.gov/vuln/detail/CVE-2018-4191 [ 2 ] CVE-2018-4197 https://nvd.nist.gov/vuln/detail/CVE-2018-4197 [ 3 ] CVE-2018-4207 https://nvd.nist.gov/vuln/detail/CVE-2018-4207 [ 4 ] CVE-2018-4208 https://nvd.nist.gov/vuln/detail/CVE-2018-4208 [ 5 ] CVE-2018-4209 https://nvd.nist.gov/vuln/detail/CVE-2018-4209 [ 6 ] CVE-2018-4210 https://nvd.nist.gov/vuln/detail/CVE-2018-4210 [ 7 ] CVE-2018-4212 https://nvd.nist.gov/vuln/detail/CVE-2018-4212 [ 8 ] CVE-2018-4213 https://nvd.nist.gov/vuln/detail/CVE-2018-4213 [ 9 ] CVE-2018-4299 https://nvd.nist.gov/vuln/detail/CVE-2018-4299 [ 10 ] CVE-2018-4306 https://nvd.nist.gov/vuln/detail/CVE-2018-4306 [ 11 ] CVE-2018-4309 https://nvd.nist.gov/vuln/detail/CVE-2018-4309 [ 12 ] CVE-2018-4311 https://nvd.nist.gov/vuln/detail/CVE-2018-4311 [ 13 ] CVE-2018-4312 https://nvd.nist.gov/vuln/detail/CVE-2018-4312 [ 14 ] CVE-2018-4314 https://nvd.nist.gov/vuln/detail/CVE-2018-4314 [ 15 ] CVE-2018-4315 https://nvd.nist.gov/vuln/detail/CVE-2018-4315 [ 16 ] CVE-2018-4316 https://nvd.nist.gov/vuln/detail/CVE-2018-4316 [ 17 ] CVE-2018-4317 https://nvd.nist.gov/vuln/detail/CVE-2018-4317 [ 18 ] CVE-2018-4318 https://nvd.nist.gov/vuln/detail/CVE-2018-4318 [ 19 ] CVE-2018-4319 https://nvd.nist.gov/vuln/detail/CVE-2018-4319 [ 20 ] CVE-2018-4323 https://nvd.nist.gov/vuln/detail/CVE-2018-4323 [ 21 ] CVE-2018-4328 https://nvd.nist.gov/vuln/detail/CVE-2018-4328 [ 22 ] CVE-2018-4358 https://nvd.nist.gov/vuln/detail/CVE-2018-4358 [ 23 ] CVE-2018-4359 https://nvd.nist.gov/vuln/detail/CVE-2018-4359 [ 24 ] CVE-2018-4361 https://nvd.nist.gov/vuln/detail/CVE-2018-4361

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201812-04

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------- WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0007

Date reported : September 26, 2018 Advisory ID : WSA-2018-0007 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0007.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0007.html CVE identifiers : CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4311, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361.

Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit.

CVE-2018-4207 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure.

CVE-2018-4208 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure.

CVE-2018-4209 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure.

CVE-2018-4210 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction with indexing types caused a failure.

CVE-2018-4212 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure.

CVE-2018-4213 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure.

CVE-2018-4191 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure.

CVE-2018-4197 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2018-4299 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4306 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2018-4309 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to an anonymous researcher working with Trend Micro's Zero Day Initiative. A malicious website may be able to execute scripts in the context of another website. A cross-site scripting issue existed in WebKit.

CVE-2018-4311 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Erling Alf Ellingsen (@steike). Cross-origin SecurityErrors includes the accessed frameas origin.

CVE-2018-4312 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2018-4314 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2018-4315 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2018-4316 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2018-4317 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2018-4318 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2018-4319 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to John Pettitt of Google. A malicious website may cause unexepected cross-origin behavior. A cross-origin issue existed with iframe elements.

CVE-2018-4323 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4328 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4358 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4359 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Samuel GroA (@5aelo). Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4361 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure.

We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.

Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/.

The WebKitGTK+ and WPE WebKit team, September 26, 2018

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-1010",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.7.4"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.3"
      },
      {
        "model": "webkitgtk\\+",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "webkitgtk",
        "version": "2.22.0"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.3"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.1"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ubuntu",
        "scope": null,
        "trust": 0.8,
        "vendor": "canonical",
        "version": null
      },
      {
        "model": "webkitgtk+",
        "scope": null,
        "trust": 0.8,
        "vendor": "the webkitgtk team",
        "version": null
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.3   (ipad air or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.3   (iphone 5s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.3   (ipod touch first  6 generation )"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 12.7.4   (windows 7 or later )"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.1   (macos high sierra 10.13.4)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.1   (macos sierra 10.12.6)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.1   (os x el capitan 10.11.6)"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.3   (apple tv 4k)"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.3   (apple tv first  4 generation )"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.1.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.1.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.2.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.4.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.3.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.0.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.3.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.0.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013603"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4210"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-404"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.7.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.22.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4210"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gentoo",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "150560"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2018-4210",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-4210",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-134241",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-4210",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-4210",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201901-404",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-134241",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134241"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013603"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4210"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-404"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks. plural Apple Product javascript An array index vulnerability exists in the processing of functions in the core.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. iTunes for Windows is a media player application based on the Windows platform. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. The following products and versions are affected: Apple iOS prior to 11.3; Safari prior to 11.1; tvOS prior to 11.3; watchOS prior to 4.3; Windows-based iTunes prior to 12.7.4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201812-04\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: WebkitGTK+: Multiple vulnerabilities\n     Date: December 02, 2018\n     Bugs: #667892\n       ID: 201812-04\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in WebKitGTK+, the worst of\nwhich may lead to arbitrary code execution. \n\nBackground\n==========\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from\nhybrid HTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-libs/webkit-gtk          \u003c 2.22.0                  \u003e= 2.22.0 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll WebkitGTK+ users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.22.0\"\n\nReferences\n==========\n\n[  1 ] CVE-2018-4191\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4191\n[  2 ] CVE-2018-4197\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4197\n[  3 ] CVE-2018-4207\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4207\n[  4 ] CVE-2018-4208\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4208\n[  5 ] CVE-2018-4209\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4209\n[  6 ] CVE-2018-4210\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4210\n[  7 ] CVE-2018-4212\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4212\n[  8 ] CVE-2018-4213\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4213\n[  9 ] CVE-2018-4299\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4299\n[ 10 ] CVE-2018-4306\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4306\n[ 11 ] CVE-2018-4309\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4309\n[ 12 ] CVE-2018-4311\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4311\n[ 13 ] CVE-2018-4312\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4312\n[ 14 ] CVE-2018-4314\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4314\n[ 15 ] CVE-2018-4315\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4315\n[ 16 ] CVE-2018-4316\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4316\n[ 17 ] CVE-2018-4317\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4317\n[ 18 ] CVE-2018-4318\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4318\n[ 19 ] CVE-2018-4319\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4319\n[ 20 ] CVE-2018-4323\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4323\n[ 21 ] CVE-2018-4328\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4328\n[ 22 ] CVE-2018-4358\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4358\n[ 23 ] CVE-2018-4359\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4359\n[ 24 ] CVE-2018-4361\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4361\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201812-04\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----------------------------------------------------------------------\nWebKitGTK+ and WPE WebKit Security Advisory                WSA-2018-0007\n------------------------------------------------------------------------\n\nDate reported           : September 26, 2018\nAdvisory ID             : WSA-2018-0007\nWebKitGTK+ Advisory URL : \nhttps://webkitgtk.org/security/WSA-2018-0007.html\nWPE WebKit Advisory URL : \nhttps://wpewebkit.org/security/WSA-2018-0007.html\nCVE identifiers         : CVE-2018-4207, CVE-2018-4208, CVE-2018-4209,\n                          CVE-2018-4210, CVE-2018-4212, CVE-2018-4213,\n                          CVE-2018-4191, CVE-2018-4197, CVE-2018-4299,\n                          CVE-2018-4306, CVE-2018-4309, CVE-2018-4311,\n                          CVE-2018-4312, CVE-2018-4314, CVE-2018-4315,\n                          CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,\n                          CVE-2018-4319, CVE-2018-4323, CVE-2018-4328,\n                          CVE-2018-4358, CVE-2018-4359, CVE-2018-4361. \n\nSeveral vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. \n\nCVE-2018-4207\n    Versions affected: WebKitGTK+ before 2.20.0. \n    Credit to Google OSS-Fuzz. \n    Unexpected interaction causes an ASSERT failure. \n\nCVE-2018-4208\n    Versions affected: WebKitGTK+ before 2.20.0. \n    Credit to Google OSS-Fuzz. \n    Unexpected interaction causes an ASSERT failure. \n\nCVE-2018-4209\n    Versions affected: WebKitGTK+ before 2.20.0. \n    Credit to Google OSS-Fuzz. \n    Unexpected interaction causes an ASSERT failure. \n\nCVE-2018-4210\n    Versions affected: WebKitGTK+ before 2.20.0. \n    Credit to Google OSS-Fuzz. \n    Unexpected interaction with indexing types caused a failure. \n\nCVE-2018-4212\n    Versions affected: WebKitGTK+ before 2.20.0. \n    Credit to Google OSS-Fuzz. \n    Unexpected interaction causes an ASSERT failure. \n\nCVE-2018-4213\n    Versions affected: WebKitGTK+ before 2.20.0. \n    Credit to Google OSS-Fuzz. \n    Unexpected interaction causes an ASSERT failure. \n\nCVE-2018-4191\n    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n    Credit to Google OSS-Fuzz. \n    Unexpected interaction causes an ASSERT failure. \n\nCVE-2018-4197\n    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n    Credit to Ivan Fratric of Google Project Zero. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. \n\nCVE-2018-4299\n    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n    Credit to Samuel GroI2 (saelo) working with Trend Micro\u0027s Zero Day\n    Initiative. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. Multiple memory corruption issues were addressed\n    with improved memory handling. \n\nCVE-2018-4306\n    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n    Credit to Ivan Fratric of Google Project Zero. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. \n\nCVE-2018-4309\n    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n    Credit to an anonymous researcher working with Trend Micro\u0027s Zero\n    Day Initiative. \n    A malicious website may be able to execute scripts in the context of\n    another website. A cross-site scripting issue existed in WebKit. \n\nCVE-2018-4311\n    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n    Credit to Erling Alf Ellingsen (@steike). \n    Cross-origin SecurityErrors includes the accessed frameas origin. \n\nCVE-2018-4312\n    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n    Credit to Ivan Fratric of Google Project Zero. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. \n\nCVE-2018-4314\n    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n    Credit to Ivan Fratric of Google Project Zero. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. \n\nCVE-2018-4315\n    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n    Credit to Ivan Fratric of Google Project Zero. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. \n\nCVE-2018-4316\n    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n    Credit to crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan\n    Team. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. \n\nCVE-2018-4317\n    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n    Credit to Ivan Fratric of Google Project Zero. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. \n\nCVE-2018-4318\n    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n    Credit to Ivan Fratric of Google Project Zero. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. \n\nCVE-2018-4319\n    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n    Credit to John Pettitt of Google. \n    A malicious website may cause unexepected cross-origin behavior. A\n    cross-origin issue existed with iframe elements. \n\nCVE-2018-4323\n    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n    Credit to Ivan Fratric of Google Project Zero. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. Multiple memory corruption issues were addressed\n    with improved memory handling. \n\nCVE-2018-4328\n    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n    Credit to Ivan Fratric of Google Project Zero. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. Multiple memory corruption issues were addressed\n    with improved memory handling. \n\nCVE-2018-4358\n    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n    Credit to @phoenhex team (@bkth_ @5aelo @_niklasb) working with\n    Trend Micro\u0027s Zero Day Initiative. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. Multiple memory corruption issues were addressed\n    with improved memory handling. \n\nCVE-2018-4359\n    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n    Credit to Samuel GroA (@5aelo). \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. Multiple memory corruption issues were addressed\n    with improved memory handling. \n\nCVE-2018-4361\n    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. \n    Credit to Google OSS-Fuzz. \n    Unexpected interaction causes an ASSERT failure. \n\n\nWe recommend updating to the latest stable versions of WebKitGTK+ and\nWPE WebKit. It is the best way to ensure that you are running safe\nversions of WebKit. Please check our websites for information about the\nlatest stable releases. \n\nFurther information about WebKitGTK+ and WPE WebKit security advisories\ncan be found at: https://webkitgtk.org/security.html or\nhttps://wpewebkit.org/security/. \n\nThe WebKitGTK+ and WPE WebKit team,\nSeptember 26, 2018\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4210"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013603"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134241"
      },
      {
        "db": "PACKETSTORM",
        "id": "150560"
      },
      {
        "db": "PACKETSTORM",
        "id": "149605"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-4210",
        "trust": 2.7
      },
      {
        "db": "JVN",
        "id": "JVNVU92378299",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013603",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-404",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-134241",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150560",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149605",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134241"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013603"
      },
      {
        "db": "PACKETSTORM",
        "id": "150560"
      },
      {
        "db": "PACKETSTORM",
        "id": "149605"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4210"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-404"
      }
    ]
  },
  "id": "VAR-201901-1010",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134241"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:50:04.424000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT208693",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht208693"
      },
      {
        "title": "HT208694",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht208694"
      },
      {
        "title": "HT208695",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht208695"
      },
      {
        "title": "HT208698",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht208698"
      },
      {
        "title": "HT208693",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht208693"
      },
      {
        "title": "HT208694",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht208694"
      },
      {
        "title": "HT208695",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht208695"
      },
      {
        "title": "HT208698",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht208698"
      },
      {
        "title": "USN-3781-1",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/3781-1/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://webkitgtk.org/"
      },
      {
        "title": "Multiple Apple product WebKit Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88568"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-404"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-129",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134241"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013603"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4210"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201812-04"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht208698"
      },
      {
        "trust": 1.7,
        "url": "https://usn.ubuntu.com/3781-1/"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4210"
      },
      {
        "trust": 1.0,
        "url": "https://support.apple.com/ht208693%2c"
      },
      {
        "trust": 1.0,
        "url": "https://support.apple.com/ht208694%2c"
      },
      {
        "trust": 1.0,
        "url": "https://support.apple.com/ht208695%2c"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4210"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu92378299/index.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/ht208694"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/ht208695"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/ht208693"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4319"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4323"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4318"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4208"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4191"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4213"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4361"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4309"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4311"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4315"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4197"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4316"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4212"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4317"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4359"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4306"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4358"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4312"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4328"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4209"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4314"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4299"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4207"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht208693,"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht208694,"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht208695,"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://wpewebkit.org/security/."
      },
      {
        "trust": 0.1,
        "url": "https://wpewebkit.org/security/wsa-2018-0007.html"
      },
      {
        "trust": 0.1,
        "url": "https://webkitgtk.org/security.html"
      },
      {
        "trust": 0.1,
        "url": "https://webkitgtk.org/security/wsa-2018-0007.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134241"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013603"
      },
      {
        "db": "PACKETSTORM",
        "id": "150560"
      },
      {
        "db": "PACKETSTORM",
        "id": "149605"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4210"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-404"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-134241"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013603"
      },
      {
        "db": "PACKETSTORM",
        "id": "150560"
      },
      {
        "db": "PACKETSTORM",
        "id": "149605"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4210"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-404"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134241"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013603"
      },
      {
        "date": "2018-12-03T21:06:30",
        "db": "PACKETSTORM",
        "id": "150560"
      },
      {
        "date": "2018-10-01T17:13:20",
        "db": "PACKETSTORM",
        "id": "149605"
      },
      {
        "date": "2019-01-11T18:29:02.047000",
        "db": "NVD",
        "id": "CVE-2018-4210"
      },
      {
        "date": "2019-01-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-404"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134241"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013603"
      },
      {
        "date": "2023-11-07T02:58:22.647000",
        "db": "NVD",
        "id": "CVE-2018-4210"
      },
      {
        "date": "2019-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-404"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-404"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Product  javascript Vulnerability related to array index in processing of functions in the core",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013603"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-404"
      }
    ],
    "trust": 0.6
  }
}

gsd-2018-4210

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-4210

Aliases

CVE-2018-4210

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-4210",
    "description": "In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.",
    "id": "GSD-2018-4210",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-4210.html",
      "https://ubuntu.com/security/CVE-2018-4210"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-4210"
      ],
      "details": "In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.",
      "id": "GSD-2018-4210",
      "modified": "2023-12-13T01:22:28.116473Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2018-4210",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT208695,",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT208695,"
          },
          {
            "name": "https://support.apple.com/HT208694,",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT208694,"
          },
          {
            "name": "https://support.apple.com/HT208698",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT208698"
          },
          {
            "name": "USN-3781-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3781-1/"
          },
          {
            "name": "GLSA-201812-04",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201812-04"
          },
          {
            "name": "https://support.apple.com/HT208693,",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT208693,"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.7.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.22.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2018-4210"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-129"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT208698",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208698"
            },
            {
              "name": "https://support.apple.com/HT208695,",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208695,"
            },
            {
              "name": "https://support.apple.com/HT208694,",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208694,"
            },
            {
              "name": "https://support.apple.com/HT208693,",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208693,"
            },
            {
              "name": "USN-3781-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3781-1/"
            },
            {
              "name": "GLSA-201812-04",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201812-04"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-03-08T16:06Z",
      "publishedDate": "2019-01-11T18:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2018-4210

Vulnerability from cvelistv5

ghsa-2mw9-fq32-5hx4

Vulnerability from github

var-201901-1010

Vulnerability from variot

Synopsis

Background

Affected packages

Description

Workaround

Resolution

References

Availability

Concerns?

License

gsd-2018-4210

Vulnerability from gsd

Tags

Sightings

Nomenclature