cve-2018-4262

Vulnerability from cvelistv5

Published

2019-01-11 18:00

Modified

2024-08-05 05:11

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://www.securitytracker.com/id/1041232	Third Party Advisory, VDB Entry
product-security@apple.com	https://security.gentoo.org/glsa/201808-04	Third Party Advisory
product-security@apple.com	https://support.apple.com/HT208934%2C
product-security@apple.com	https://support.apple.com/HT208935	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT208938%2C
product-security@apple.com	https://usn.ubuntu.com/3743-1/	Third Party Advisory

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:11:22.356Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208934%2C"
          },
          {
            "name": "USN-3743-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3743-1/"
          },
          {
            "name": "GLSA-201808-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201808-04"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208935"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208938%2C"
          },
          {
            "name": "1041232",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041232"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-12T10:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT208934%2C"
        },
        {
          "name": "USN-3743-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3743-1/"
        },
        {
          "name": "GLSA-201808-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201808-04"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208935"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT208938%2C"
        },
        {
          "name": "1041232",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041232"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2018-4262",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT208934,",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT208934,"
            },
            {
              "name": "USN-3743-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3743-1/"
            },
            {
              "name": "GLSA-201808-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201808-04"
            },
            {
              "name": "https://support.apple.com/HT208935",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208935"
            },
            {
              "name": "https://support.apple.com/HT208938,",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT208938,"
            },
            {
              "name": "1041232",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041232"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2018-4262",
    "datePublished": "2019-01-11T18:00:00",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-08-05T05:11:22.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-4262\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2019-01-11T18:29:02.737\",\"lastModified\":\"2023-11-07T02:58:23.330\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling.\"},{\"lang\":\"es\",\"value\":\"En Safari en versiones anteriores a la 11.1.2, iTunes en versiones anteriores a la 12.8 para Windows, iOS en versiones anteriores a la 11.4.1, tvOS en versiones anteriores a la 11.4.1 e iCloud para Windows en versiones anteriores a la 7.6, se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria mediante la mejora de la gesti\u00f3n de memoria.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.1.2\",\"matchCriteriaId\":\"16B9B534-35A4-49C4-B19C-C18BA185E0C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.4.1\",\"matchCriteriaId\":\"717822F6-6246-4D7C-BF1E-0A0A2A105B7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.4.1\",\"matchCriteriaId\":\"232180F0-DF72-4DE7-8DF8-7CE0D7771406\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3.2\",\"matchCriteriaId\":\"610C68B9-9ADA-4FDC-9C3E-31F9F4E0063D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.6\",\"matchCriteriaId\":\"B45B035E-E267-4CC0-875D-35B45E86A72C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.8\",\"matchCriteriaId\":\"50F3E6C3-A7EA-4F63-A5F2-659FA32766E6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1041232\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.gentoo.org/glsa/201808-04\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/HT208934%2C\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT208935\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT208938%2C\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://usn.ubuntu.com/3743-1/\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling. plural Apple There are multiple memory corruption vulnerabilities in the product due to flaws in memory handling.There is a possibility of memory corruption. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of RegExp's exec method in JIT. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. iCloud for Windows is a cloud service based on the Windows platform. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201808-04

                                       https://security.gentoo.org/

Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: August 22, 2018 Bugs: #652820, #658168, #662974 ID: 201808-04

Synopsis

Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution.

Background

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4

Description

Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All WebkitGTK+ users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4"

References

[ 1 ] CVE-2018-11646 https://nvd.nist.gov/vuln/detail/CVE-2018-11646 [ 2 ] CVE-2018-11712 https://nvd.nist.gov/vuln/detail/CVE-2018-11712 [ 3 ] CVE-2018-11713 https://nvd.nist.gov/vuln/detail/CVE-2018-11713 [ 4 ] CVE-2018-12293 https://nvd.nist.gov/vuln/detail/CVE-2018-12293 [ 5 ] CVE-2018-12294 https://nvd.nist.gov/vuln/detail/CVE-2018-12294 [ 6 ] CVE-2018-4101 https://nvd.nist.gov/vuln/detail/CVE-2018-4101 [ 7 ] CVE-2018-4113 https://nvd.nist.gov/vuln/detail/CVE-2018-4113 [ 8 ] CVE-2018-4114 https://nvd.nist.gov/vuln/detail/CVE-2018-4114 [ 9 ] CVE-2018-4117 https://nvd.nist.gov/vuln/detail/CVE-2018-4117 [ 10 ] CVE-2018-4118 https://nvd.nist.gov/vuln/detail/CVE-2018-4118 [ 11 ] CVE-2018-4119 https://nvd.nist.gov/vuln/detail/CVE-2018-4119 [ 12 ] CVE-2018-4120 https://nvd.nist.gov/vuln/detail/CVE-2018-4120 [ 13 ] CVE-2018-4121 https://nvd.nist.gov/vuln/detail/CVE-2018-4121 [ 14 ] CVE-2018-4122 https://nvd.nist.gov/vuln/detail/CVE-2018-4122 [ 15 ] CVE-2018-4125 https://nvd.nist.gov/vuln/detail/CVE-2018-4125 [ 16 ] CVE-2018-4127 https://nvd.nist.gov/vuln/detail/CVE-2018-4127 [ 17 ] CVE-2018-4128 https://nvd.nist.gov/vuln/detail/CVE-2018-4128 [ 18 ] CVE-2018-4129 https://nvd.nist.gov/vuln/detail/CVE-2018-4129 [ 19 ] CVE-2018-4133 https://nvd.nist.gov/vuln/detail/CVE-2018-4133 [ 20 ] CVE-2018-4146 https://nvd.nist.gov/vuln/detail/CVE-2018-4146 [ 21 ] CVE-2018-4162 https://nvd.nist.gov/vuln/detail/CVE-2018-4162 [ 22 ] CVE-2018-4163 https://nvd.nist.gov/vuln/detail/CVE-2018-4163 [ 23 ] CVE-2018-4165 https://nvd.nist.gov/vuln/detail/CVE-2018-4165 [ 24 ] CVE-2018-4190 https://nvd.nist.gov/vuln/detail/CVE-2018-4190 [ 25 ] CVE-2018-4192 https://nvd.nist.gov/vuln/detail/CVE-2018-4192 [ 26 ] CVE-2018-4199 https://nvd.nist.gov/vuln/detail/CVE-2018-4199 [ 27 ] CVE-2018-4200 https://nvd.nist.gov/vuln/detail/CVE-2018-4200 [ 28 ] CVE-2018-4201 https://nvd.nist.gov/vuln/detail/CVE-2018-4201 [ 29 ] CVE-2018-4204 https://nvd.nist.gov/vuln/detail/CVE-2018-4204 [ 30 ] CVE-2018-4214 https://nvd.nist.gov/vuln/detail/CVE-2018-4214 [ 31 ] CVE-2018-4218 https://nvd.nist.gov/vuln/detail/CVE-2018-4218 [ 32 ] CVE-2018-4222 https://nvd.nist.gov/vuln/detail/CVE-2018-4222 [ 33 ] CVE-2018-4232 https://nvd.nist.gov/vuln/detail/CVE-2018-4232 [ 34 ] CVE-2018-4233 https://nvd.nist.gov/vuln/detail/CVE-2018-4233 [ 35 ] CVE-2018-4261 https://nvd.nist.gov/vuln/detail/CVE-2018-4261 [ 36 ] CVE-2018-4262 https://nvd.nist.gov/vuln/detail/CVE-2018-4262 [ 37 ] CVE-2018-4263 https://nvd.nist.gov/vuln/detail/CVE-2018-4263 [ 38 ] CVE-2018-4264 https://nvd.nist.gov/vuln/detail/CVE-2018-4264 [ 39 ] CVE-2018-4265 https://nvd.nist.gov/vuln/detail/CVE-2018-4265 [ 40 ] CVE-2018-4266 https://nvd.nist.gov/vuln/detail/CVE-2018-4266 [ 41 ] CVE-2018-4267 https://nvd.nist.gov/vuln/detail/CVE-2018-4267 [ 42 ] CVE-2018-4270 https://nvd.nist.gov/vuln/detail/CVE-2018-4270 [ 43 ] CVE-2018-4272 https://nvd.nist.gov/vuln/detail/CVE-2018-4272 [ 44 ] CVE-2018-4273 https://nvd.nist.gov/vuln/detail/CVE-2018-4273 [ 45 ] CVE-2018-4278 https://nvd.nist.gov/vuln/detail/CVE-2018-4278 [ 46 ] CVE-2018-4284 https://nvd.nist.gov/vuln/detail/CVE-2018-4284 [ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003 https://webkitgtk.org/security/WSA-2018-0003.html [ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004 https://webkitgtk.org/security/WSA-2018-0004.html [ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005 https://webkitgtk.org/security/WSA-2018-0005.html [ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006 https://webkitgtk.org/security/WSA-2018-0006.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201808-04

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2018-7-9-2 watchOS 4.3.2

watchOS 4.3.2 is now available and addresses the following:

CFNetwork Available for: All Apple Watch models Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed with improved checks. CVE-2018-4293: an anonymous researcher

Emoji Available for: All Apple Watch models Impact: Processing an emoji under certain configurations may lead to a denial of service Description: A denial of service issue was addressed with improved memory handling. CVE-2018-4290: Patrick Wardle of Digita Security

Kernel Available for: All Apple Watch models Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2018-4280: Brandon Azad

libxpc Available for: All Apple Watch models Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4248: Brandon Azad

LinkPresentation Available for: All Apple Watch models Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. CVE-2018-4262: Mateusz Krzywicki working with Trend Micro's Zero Day Initiative CVE-2018-4264: found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab CVE-2018-4272: found by OSS-Fuzz

WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: Multiple memory corruption issues were addressed with improved input validation.

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltDyFEpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQ8ecVjteJiCb30BAA 2QBBanPXDpySPp6aEw9U/59UzuqQgr3yxsDPst8s628KvxwTREWRi+3dNQWwlwtw maoMsLkihJHIAoEmUCtoV9OxNmpxhNZ/djBAvjd7glbBbcXdmIG4pN6zzBlqjoh8 zUTf+mvdwMra30kHgehGl9uMQU1QpVG/J7OGAh5y6DajUrCploVjelhXfxFxFQR2 YDGZhBcikfsH/VwnjS5kVzaozEgs6RxtHDzkwJyhXvZ14cQhPYrT9Pfrk94rYgEA dj99gssRl6yHq7iiMehkTl+/PrYP0anBNARcdx2dFpM7dQMBrBnisGWHnQ9PiDdn WrDuDS5C7fNqiCoeXwkQBtw8FZ6e3PLLKJlTdgAO5zZgM70yjKapOJGLqILORSqW 8Dz/0g/NgT7wecVwMh7xstlGBRUBiGrDrxEPpGQDWX7HK5hnoPvSiOSrS6DfU+0f wfnDlNQipVT00mfUmEQWLiFTtbp47Sg1EbVvvFPAQf7dVMq3UFsGZRGxW/Fi2Xik a8J7iIvwn6yVX/obPd26LaZyZjAWKO2cdUfplNEUAbYqTTwnzAJeKUuDv22nzmvO x9DKRpTMSqGkMEnmAUVPDO2Vvvd29YjSKwZ9g7IQGK9MSM2xUxltTAONhbcIeT2o CuP0n7C4wIWY/t+MX80+MV51ufGGg5E9jF2VD8+6Xhk= =2SAG -----END PGP SIGNATURE----- . ------------------------------------------------------------------------ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006

Date reported : August 07, 2018 Advisory ID : WSA-2018-0006 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0006.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0006.html CVE identifiers : CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4271, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, CVE-2018-12911.

Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit.

CVE-2018-4246 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.1. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2018-4261 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Omair working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2018-4262 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Mateusz Krzywicki working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2018-4263 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Arayz working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2018-4264 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light- Year Security Lab. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2018-4265 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to cc working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2018-4266 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. A malicious website may be able to cause a denial of service. A race condition was addressed with additional validation.

CVE-2018-4267 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Arayz of Pangu team working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2018-4270 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to an unexpected application crash.

CVE-2018-4271 Versions affected: WebKitGTK+ before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to an unexpected application crash.

CVE-2018-4272 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2018-4273 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to an unexpected application crash.

CVE-2018-4278 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Jun Kokatsu (@shhnjk). A malicious website may exfiltrate audio data cross-origin. Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.

CVE-2018-4284 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2018-12911 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Yu Haiwan. Processing maliciously crafted web content may lead to arbitrary code execution.

We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.

Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/.

The WebKitGTK+ and WPE WebKit team, August 07, 2018 . CVE-2018-4260: xisigr of Tencent's Xuanwu Lab (tencent.com)

Installation note:

Safari 11.1.2 may be obtained from the Mac App Store

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-1006",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.4.1"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.8"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.4.1"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.1.2"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.6"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ubuntu",
        "scope": null,
        "trust": 0.8,
        "vendor": "canonical",
        "version": null
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 7.6   (windows 7 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.4.1   (ipad air or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.4.1   (iphone 5s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.4.1   (ipod touch first  6 generation )"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 12.8   (windows 7 or later )"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.1.2   (macos high sierra 10.13.6)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.1.2   (macos sierra 10.12.6)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.1.2   (os x el capitan 10.11.6)"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.4.1   (apple tv 4k)"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.4.1   (apple tv first  4 generation )"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "4.3.2   (apple watch all models )"
      },
      {
        "model": "safari",
        "scope": null,
        "trust": 0.7,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.1.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.1.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.2.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.4.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.3.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.0.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.3.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.0.0"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-606"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013598"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-951"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4262"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.4.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.1.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.4.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.6",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4262"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mateusz Krzywicki",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-606"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-951"
      }
    ],
    "trust": 1.3
  },
  "cve": "CVE-2018-4262",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-4262",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.6,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-134293",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-4262",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-4262",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2018-4262",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201808-951",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-134293",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-4262",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-606"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134293"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4262"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013598"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-951"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4262"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling. plural Apple There are multiple memory corruption vulnerabilities in the product due to flaws in memory handling.There is a possibility of memory corruption. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of RegExp\u0027s exec method in JIT. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. iCloud for Windows is a cloud service based on the Windows platform. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201808-04\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: WebkitGTK+: Multiple vulnerabilities\n     Date: August 22, 2018\n     Bugs: #652820, #658168, #662974\n       ID: 201808-04\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in WebKitGTK+, the worst of\nwhich may lead to arbitrary code execution. \n\nBackground\n==========\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from\nhybrid HTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-libs/webkit-gtk          \u003c 2.20.4                  \u003e= 2.20.4\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll WebkitGTK+ users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.20.4\"\n\nReferences\n==========\n\n[  1 ] CVE-2018-11646\n       https://nvd.nist.gov/vuln/detail/CVE-2018-11646\n[  2 ] CVE-2018-11712\n       https://nvd.nist.gov/vuln/detail/CVE-2018-11712\n[  3 ] CVE-2018-11713\n       https://nvd.nist.gov/vuln/detail/CVE-2018-11713\n[  4 ] CVE-2018-12293\n       https://nvd.nist.gov/vuln/detail/CVE-2018-12293\n[  5 ] CVE-2018-12294\n       https://nvd.nist.gov/vuln/detail/CVE-2018-12294\n[  6 ] CVE-2018-4101\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4101\n[  7 ] CVE-2018-4113\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4113\n[  8 ] CVE-2018-4114\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4114\n[  9 ] CVE-2018-4117\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4117\n[ 10 ] CVE-2018-4118\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4118\n[ 11 ] CVE-2018-4119\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4119\n[ 12 ] CVE-2018-4120\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4120\n[ 13 ] CVE-2018-4121\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4121\n[ 14 ] CVE-2018-4122\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4122\n[ 15 ] CVE-2018-4125\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4125\n[ 16 ] CVE-2018-4127\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4127\n[ 17 ] CVE-2018-4128\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4128\n[ 18 ] CVE-2018-4129\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4129\n[ 19 ] CVE-2018-4133\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4133\n[ 20 ] CVE-2018-4146\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4146\n[ 21 ] CVE-2018-4162\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4162\n[ 22 ] CVE-2018-4163\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4163\n[ 23 ] CVE-2018-4165\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4165\n[ 24 ] CVE-2018-4190\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4190\n[ 25 ] CVE-2018-4192\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4192\n[ 26 ] CVE-2018-4199\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4199\n[ 27 ] CVE-2018-4200\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4200\n[ 28 ] CVE-2018-4201\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4201\n[ 29 ] CVE-2018-4204\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4204\n[ 30 ] CVE-2018-4214\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4214\n[ 31 ] CVE-2018-4218\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4218\n[ 32 ] CVE-2018-4222\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4222\n[ 33 ] CVE-2018-4232\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4232\n[ 34 ] CVE-2018-4233\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4233\n[ 35 ] CVE-2018-4261\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4261\n[ 36 ] CVE-2018-4262\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4262\n[ 37 ] CVE-2018-4263\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4263\n[ 38 ] CVE-2018-4264\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4264\n[ 39 ] CVE-2018-4265\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4265\n[ 40 ] CVE-2018-4266\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4266\n[ 41 ] CVE-2018-4267\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4267\n[ 42 ] CVE-2018-4270\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4270\n[ 43 ] CVE-2018-4272\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4272\n[ 44 ] CVE-2018-4273\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4273\n[ 45 ] CVE-2018-4278\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4278\n[ 46 ] CVE-2018-4284\n       https://nvd.nist.gov/vuln/detail/CVE-2018-4284\n[ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003\n       https://webkitgtk.org/security/WSA-2018-0003.html\n[ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004\n       https://webkitgtk.org/security/WSA-2018-0004.html\n[ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005\n       https://webkitgtk.org/security/WSA-2018-0005.html\n[ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006\n       https://webkitgtk.org/security/WSA-2018-0006.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201808-04\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2018-7-9-2 watchOS 4.3.2\n\nwatchOS 4.3.2 is now available and addresses the following:\n\nCFNetwork\nAvailable for: All Apple Watch models\nImpact: Cookies may unexpectedly persist in Safari\nDescription: A cookie management issue was addressed with improved\nchecks. \nCVE-2018-4293: an anonymous researcher\n\nEmoji\nAvailable for: All Apple Watch models\nImpact: Processing an emoji under certain configurations may lead to\na denial of service\nDescription: A denial of service issue was addressed with improved\nmemory handling. \nCVE-2018-4290: Patrick Wardle of Digita Security\n\nKernel\nAvailable for: All Apple Watch models\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. \nCVE-2018-4280: Brandon Azad\n\nlibxpc\nAvailable for: All Apple Watch models\nImpact: A malicious application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2018-4248: Brandon Azad\n\nLinkPresentation\nAvailable for: All Apple Watch models\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: A spoofing issue existed in the handling of URLs. \nCVE-2018-4262: Mateusz Krzywicki working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2018-4264: found by OSS-Fuzz, Yu Zhou and Jundong Xie of\nAnt-financial Light-Year Security Lab\nCVE-2018-4272: found by OSS-Fuzz\n\nWebKit\nAvailable for: All Apple Watch models\nImpact: Processing maliciously crafted web content may lead to an\nunexpected Safari crash\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltDyFEpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQ8ecVjteJiCb30BAA\n2QBBanPXDpySPp6aEw9U/59UzuqQgr3yxsDPst8s628KvxwTREWRi+3dNQWwlwtw\nmaoMsLkihJHIAoEmUCtoV9OxNmpxhNZ/djBAvjd7glbBbcXdmIG4pN6zzBlqjoh8\nzUTf+mvdwMra30kHgehGl9uMQU1QpVG/J7OGAh5y6DajUrCploVjelhXfxFxFQR2\nYDGZhBcikfsH/VwnjS5kVzaozEgs6RxtHDzkwJyhXvZ14cQhPYrT9Pfrk94rYgEA\ndj99gssRl6yHq7iiMehkTl+/PrYP0anBNARcdx2dFpM7dQMBrBnisGWHnQ9PiDdn\nWrDuDS5C7fNqiCoeXwkQBtw8FZ6e3PLLKJlTdgAO5zZgM70yjKapOJGLqILORSqW\n8Dz/0g/NgT7wecVwMh7xstlGBRUBiGrDrxEPpGQDWX7HK5hnoPvSiOSrS6DfU+0f\nwfnDlNQipVT00mfUmEQWLiFTtbp47Sg1EbVvvFPAQf7dVMq3UFsGZRGxW/Fi2Xik\na8J7iIvwn6yVX/obPd26LaZyZjAWKO2cdUfplNEUAbYqTTwnzAJeKUuDv22nzmvO\nx9DKRpTMSqGkMEnmAUVPDO2Vvvd29YjSKwZ9g7IQGK9MSM2xUxltTAONhbcIeT2o\nCuP0n7C4wIWY/t+MX80+MV51ufGGg5E9jF2VD8+6Xhk=\n=2SAG\n-----END PGP SIGNATURE-----\n. ------------------------------------------------------------------------\nWebKitGTK+ and WPE WebKit Security Advisory                WSA-2018-0006\n------------------------------------------------------------------------\n\nDate reported           : August 07, 2018\nAdvisory ID             : WSA-2018-0006\nWebKitGTK+ Advisory URL : \nhttps://webkitgtk.org/security/WSA-2018-0006.html\nWPE WebKit Advisory URL : \nhttps://wpewebkit.org/security/WSA-2018-0006.html\nCVE identifiers         : CVE-2018-4246, CVE-2018-4261, CVE-2018-4262,\n                          CVE-2018-4263, CVE-2018-4264, CVE-2018-4265,\n                          CVE-2018-4266, CVE-2018-4267, CVE-2018-4270,\n                          CVE-2018-4271, CVE-2018-4272, CVE-2018-4273,\n                          CVE-2018-4278, CVE-2018-4284, CVE-2018-12911. \n\nSeveral vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. \n\nCVE-2018-4246\n    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before\n    2.20.1. \n    Credit to OSS-Fuzz. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. \n\nCVE-2018-4261\n    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before\n    2.20.2. \n    Credit to Omair working with Trend Micro\u0027s Zero Day Initiative. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. \n\nCVE-2018-4262\n    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before\n    2.20.2. \n    Credit to Mateusz Krzywicki working with Trend Micro\u0027s Zero Day\n    Initiative. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. \n\nCVE-2018-4263\n    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before\n    2.20.2. \n    Credit to Arayz working with Trend Micro\u0027s Zero Day Initiative. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. \n\nCVE-2018-4264\n    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before\n    2.20.2. \n    Credit to OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-\n    Year Security Lab. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. \n\nCVE-2018-4265\n    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before\n    2.20.2. \n    Credit to cc working with Trend Micro\u0027s Zero Day Initiative. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. \n\nCVE-2018-4266\n    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before\n    2.20.2. \n    Credit to OSS-Fuzz. \n    A malicious website may be able to cause a denial of service. A race\n    condition was addressed with additional validation. \n\nCVE-2018-4267\n    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before\n    2.20.2. \n    Credit to Arayz of Pangu team working with Trend Micro\u0027s Zero Day\n    Initiative. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. \n\nCVE-2018-4270\n    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before\n    2.20.2. \n    Credit to OSS-Fuzz. \n    Processing maliciously crafted web content may lead to an unexpected\n    application crash. \n\nCVE-2018-4271\n    Versions affected: WebKitGTK+ before 2.20.2. \n    Credit to OSS-Fuzz. \n    Processing maliciously crafted web content may lead to an unexpected\n    application crash. \n\nCVE-2018-4272\n    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before\n    2.20.2. \n    Credit to OSS-Fuzz. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. \n\nCVE-2018-4273\n    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before\n    2.20.2. \n    Credit to OSS-Fuzz. \n    Processing maliciously crafted web content may lead to an unexpected\n    application crash. \n\nCVE-2018-4278\n    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before\n    2.20.2. \n    Credit to Jun Kokatsu (@shhnjk). \n    A malicious website may exfiltrate audio data cross-origin. Sound\n    fetched through audio elements may be exfiltrated cross-origin. This\n    issue was addressed with improved audio taint tracking. \n\nCVE-2018-4284\n    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before\n    2.20.2. \n    Credit to OSS-Fuzz. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. \n\nCVE-2018-12911\n    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before\n    2.20.2. \n    Credit to Yu Haiwan. \n    Processing maliciously crafted web content may lead to arbitrary\n    code execution. \n\n\nWe recommend updating to the latest stable versions of WebKitGTK+ and\nWPE WebKit. It is the best way to ensure that you are running safe\nversions of WebKit. Please check our websites for information about the\nlatest stable releases. \n\nFurther information about WebKitGTK+ and WPE WebKit security advisories\ncan be found at: https://webkitgtk.org/security.html or\nhttps://wpewebkit.org/security/. \n\nThe WebKitGTK+ and WPE WebKit team,\nAugust 07, 2018\n. \nCVE-2018-4260: xisigr of Tencent\u0027s Xuanwu Lab (tencent.com)\n\nInstallation note:\n\nSafari 11.1.2 may be obtained from the Mac App Store",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4262"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013598"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-606"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134293"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4262"
      },
      {
        "db": "PACKETSTORM",
        "id": "148467"
      },
      {
        "db": "PACKETSTORM",
        "id": "149059"
      },
      {
        "db": "PACKETSTORM",
        "id": "148466"
      },
      {
        "db": "PACKETSTORM",
        "id": "148854"
      },
      {
        "db": "PACKETSTORM",
        "id": "148477"
      },
      {
        "db": "PACKETSTORM",
        "id": "148469"
      },
      {
        "db": "PACKETSTORM",
        "id": "148470"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-4262",
        "trust": 4.0
      },
      {
        "db": "SECTRACK",
        "id": "1041232",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU93082496",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013598",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6113",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-606",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-951",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-134293",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4262",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148467",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149059",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148466",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148854",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148477",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148469",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148470",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-606"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134293"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4262"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013598"
      },
      {
        "db": "PACKETSTORM",
        "id": "148467"
      },
      {
        "db": "PACKETSTORM",
        "id": "149059"
      },
      {
        "db": "PACKETSTORM",
        "id": "148466"
      },
      {
        "db": "PACKETSTORM",
        "id": "148854"
      },
      {
        "db": "PACKETSTORM",
        "id": "148477"
      },
      {
        "db": "PACKETSTORM",
        "id": "148469"
      },
      {
        "db": "PACKETSTORM",
        "id": "148470"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-951"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4262"
      }
    ]
  },
  "id": "VAR-201901-1006",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134293"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T19:31:09.960000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT208934",
        "trust": 1.5,
        "url": "https://support.apple.com/en-us/ht208934"
      },
      {
        "title": "HT208936",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht208936"
      },
      {
        "title": "HT208938",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht208938"
      },
      {
        "title": "HT208932",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht208932"
      },
      {
        "title": "HT208933",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht208933"
      },
      {
        "title": "HT208935",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht208935"
      },
      {
        "title": "HT208932",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht208932"
      },
      {
        "title": "HT208933",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht208933"
      },
      {
        "title": "HT208934",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht208934"
      },
      {
        "title": "HT208935",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht208935"
      },
      {
        "title": "HT208936",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht208936"
      },
      {
        "title": "HT208938",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht208938"
      },
      {
        "title": "USN-3743-1",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/3743-1/"
      },
      {
        "title": "Multiple Apple product WebKit Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84374"
      },
      {
        "title": "Ubuntu Security Notice: webkit2gtk vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3743-1"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=2196fa008592287290cbd6678fbe10d4"
      },
      {
        "title": "https://github.com/blacktop/docker-webkit",
        "trust": 0.1,
        "url": "https://github.com/blacktop/docker-webkit "
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/lnick2023/nicenice "
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/qazbnm456/awesome-cve-poc "
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-606"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4262"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013598"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-951"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134293"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013598"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4262"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/201808-04"
      },
      {
        "trust": 1.9,
        "url": "https://usn.ubuntu.com/3743-1/"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208935"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1041232"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4262"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/ht208934%2c"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/ht208938%2c"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4262"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu93082496/index.html"
      },
      {
        "trust": 0.7,
        "url": "https://support.apple.com/en-us/ht208934"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4264"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4270"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4266"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4273"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4284"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4272"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4265"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4261"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4263"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4271"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4267"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4278"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/ht208938"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/ht208934"
      },
      {
        "trust": 0.5,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.5,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4293"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4248"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4282"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4277"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4280"
      },
      {
        "trust": 0.2,
        "url": "https://webkitgtk.org/security/wsa-2018-0006.html"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht208934,"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht208938,"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/blacktop/docker-webkit"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4101"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4114"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4233"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4120"
      },
      {
        "trust": 0.1,
        "url": "https://webkitgtk.org/security/wsa-2018-0003.html"
      },
      {
        "trust": 0.1,
        "url": "https://webkitgtk.org/security/wsa-2018-0004.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4190"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4163"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4232"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4127"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11713"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4204"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11646"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4165"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4162"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4125"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4214"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12294"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4121"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4192"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4201"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4118"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4113"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4133"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4200"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4122"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4199"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4117"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11712"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4119"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4146"
      },
      {
        "trust": 0.1,
        "url": "https://webkitgtk.org/security/wsa-2018-0005.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4129"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4218"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4290"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12911"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4246"
      },
      {
        "trust": 0.1,
        "url": "https://wpewebkit.org/security/."
      },
      {
        "trust": 0.1,
        "url": "https://webkitgtk.org/security.html"
      },
      {
        "trust": 0.1,
        "url": "https://wpewebkit.org/security/wsa-2018-0006.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/download/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4260"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4274"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4279"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht204283"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-606"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134293"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4262"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013598"
      },
      {
        "db": "PACKETSTORM",
        "id": "148467"
      },
      {
        "db": "PACKETSTORM",
        "id": "149059"
      },
      {
        "db": "PACKETSTORM",
        "id": "148466"
      },
      {
        "db": "PACKETSTORM",
        "id": "148854"
      },
      {
        "db": "PACKETSTORM",
        "id": "148477"
      },
      {
        "db": "PACKETSTORM",
        "id": "148469"
      },
      {
        "db": "PACKETSTORM",
        "id": "148470"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-951"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4262"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-18-606"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134293"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4262"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013598"
      },
      {
        "db": "PACKETSTORM",
        "id": "148467"
      },
      {
        "db": "PACKETSTORM",
        "id": "149059"
      },
      {
        "db": "PACKETSTORM",
        "id": "148466"
      },
      {
        "db": "PACKETSTORM",
        "id": "148854"
      },
      {
        "db": "PACKETSTORM",
        "id": "148477"
      },
      {
        "db": "PACKETSTORM",
        "id": "148469"
      },
      {
        "db": "PACKETSTORM",
        "id": "148470"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-951"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4262"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-07-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-606"
      },
      {
        "date": "2019-01-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134293"
      },
      {
        "date": "2019-01-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-4262"
      },
      {
        "date": "2019-02-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013598"
      },
      {
        "date": "2018-07-09T19:22:22",
        "db": "PACKETSTORM",
        "id": "148467"
      },
      {
        "date": "2018-08-23T18:40:24",
        "db": "PACKETSTORM",
        "id": "149059"
      },
      {
        "date": "2018-07-09T14:44:44",
        "db": "PACKETSTORM",
        "id": "148466"
      },
      {
        "date": "2018-08-07T20:22:22",
        "db": "PACKETSTORM",
        "id": "148854"
      },
      {
        "date": "2018-07-10T14:02:22",
        "db": "PACKETSTORM",
        "id": "148477"
      },
      {
        "date": "2018-07-09T21:11:11",
        "db": "PACKETSTORM",
        "id": "148469"
      },
      {
        "date": "2018-07-09T23:22:22",
        "db": "PACKETSTORM",
        "id": "148470"
      },
      {
        "date": "2018-08-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201808-951"
      },
      {
        "date": "2019-01-11T18:29:02.737000",
        "db": "NVD",
        "id": "CVE-2018-4262"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-07-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-606"
      },
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134293"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-4262"
      },
      {
        "date": "2019-02-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013598"
      },
      {
        "date": "2019-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201808-951"
      },
      {
        "date": "2023-11-07T02:58:23.330000",
        "db": "NVD",
        "id": "CVE-2018-4262"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-951"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Multiple memory corruption vulnerabilities in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013598"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-951"
      }
    ],
    "trust": 0.6
  }
}

gsd-2018-4262

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-4262

Aliases

CVE-2018-4262

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-4262",
    "description": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling.",
    "id": "GSD-2018-4262",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-4262.html",
      "https://ubuntu.com/security/CVE-2018-4262",
      "https://advisories.mageia.org/CVE-2018-4262.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-4262"
      ],
      "details": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling.",
      "id": "GSD-2018-4262",
      "modified": "2023-12-13T01:22:28.409365Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2018-4262",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT208934,",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT208934,"
          },
          {
            "name": "USN-3743-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3743-1/"
          },
          {
            "name": "GLSA-201808-04",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201808-04"
          },
          {
            "name": "https://support.apple.com/HT208935",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT208935"
          },
          {
            "name": "https://support.apple.com/HT208938,",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT208938,"
          },
          {
            "name": "1041232",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1041232"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.4.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.4.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.1.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.6",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2018-4262"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT208938,",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208938,"
            },
            {
              "name": "https://support.apple.com/HT208935",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208935"
            },
            {
              "name": "https://support.apple.com/HT208934,",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208934,"
            },
            {
              "name": "USN-3743-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3743-1/"
            },
            {
              "name": "GLSA-201808-04",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201808-04"
            },
            {
              "name": "1041232",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1041232"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-03-08T16:06Z",
      "publishedDate": "2019-01-11T18:29Z"
    }
  }
}

ghsa-29g2-mrxj-jw38

Vulnerability from github

Published

2022-05-14 01:23

Modified

2022-05-14 01:23

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-4262"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-11T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling.",
  "id": "GHSA-29g2-mrxj-jw38",
  "modified": "2022-05-14T01:23:45Z",
  "published": "2022-05-14T01:23:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4262"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201808-04"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208934,"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208935"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208938,"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3743-1"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041232"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2018-4262

Vulnerability from cvelistv5

var-201901-1006

Vulnerability from variot

Synopsis

Background

Affected packages

Description

Workaround

Resolution

References

Availability

Concerns?

License

gsd-2018-4262

Vulnerability from gsd

ghsa-29g2-mrxj-jw38

Vulnerability from github

Tags

Sightings

Nomenclature