github - ghsa-4rmp-jjj9-cfm4

ghsa-4rmp-jjj9-cfm4

Vulnerability from github

Published

2024-05-14 15:32

Modified

2024-07-03 18:40

Severity

8.1 (High) - CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-27834"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T15:13:06Z",
    "severity": "HIGH"
  },
  "details": "The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.",
  "id": "GHSA-4rmp-jjj9-cfm4",
  "modified": "2024-07-03T18:40:15Z",
  "published": "2024-05-14T15:32:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27834"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214101"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214102"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214103"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214104"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214106"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/May/10"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/May/12"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/May/16"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/May/17"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/May/9"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/05/21/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2024-27834

Vulnerability from cvelistv5

Published

2024-05-13 23:00

Modified

2024-08-02 00:41

Severity

8.1 (High) - cvssV3_1 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

References

URL	Tags
https://support.apple.com/en-us/HT214101
https://support.apple.com/en-us/HT214106
https://support.apple.com/en-us/HT214104
https://support.apple.com/en-us/HT214103
https://support.apple.com/en-us/HT214102
http://seclists.org/fulldisclosure/2024/May/17
http://www.openwall.com/lists/oss-security/2024/05/21/1
http://seclists.org/fulldisclosure/2024/May/10
http://seclists.org/fulldisclosure/2024/May/9
http://seclists.org/fulldisclosure/2024/May/12
http://seclists.org/fulldisclosure/2024/May/16
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/

Impacted products

Vendor	Product
Apple	iOS and iPadOS
Apple	macOS
Apple	watchOS
Apple	Safari
Apple	tvOS

Show details on NVD website