Details of VAR-201901-1004

ID

VAR-201901-1004

CVE

CVE-2018-4257

TITLE

macOS High Sierra Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2018-013596

DESCRIPTION

In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. AppleGraphicsPowerManagement is one of the graphics card power management components. An attacker could exploit this vulnerability to execute arbitrary code with kernel privileges

Trust: 1.8

sources: NVD: CVE-2018-4257 // JVNDB: JVNDB-2018-013596 // VULHUB: VHN-134288 // VULMON: CVE-2018-4257

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.4	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.4	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.0	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.0	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	-	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.3	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.2	Trust: 0.6

sources: JVNDB: JVNDB-2018-013596 // CNNVD: CNNVD-201901-411 // NVD: CVE-2018-4257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4257
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-4257
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201901-411
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-134288
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-4257
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-4257
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-134288
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4257
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134288 // VULMON: CVE-2018-4257 // JVNDB: JVNDB-2018-013596 // CNNVD: CNNVD-201901-411 // NVD: CVE-2018-4257

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-134288 // JVNDB: JVNDB-2018-013596 // NVD: CVE-2018-4257

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-411

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201901-411

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013596

PATCH

title:	HT208849	url:	https://support.apple.com/en-us/HT208849	Trust: 0.8
title:	HT208849	url:	https://support.apple.com/ja-jp/HT208849	Trust: 0.8
title:	Apple macOS High Sierra AppleGraphicsPowerManagement Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88575	Trust: 0.6
title:	Apple: macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f93fc5c87ddc6e336e7b02ff3308dfe6	Trust: 0.1

sources: VULMON: CVE-2018-4257 // JVNDB: JVNDB-2018-013596 // CNNVD: CNNVD-201901-411

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4257	Trust: 2.6
db:	JVN	id:	JVNVU98864649	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-013596	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-411	Trust: 0.7
db:	VULHUB	id:	VHN-134288	Trust: 0.1
db:	VULMON	id:	CVE-2018-4257	Trust: 0.1

sources: VULHUB: VHN-134288 // VULMON: CVE-2018-4257 // JVNDB: JVNDB-2018-013596 // CNNVD: CNNVD-201901-411 // NVD: CVE-2018-4257

REFERENCES

url:	https://support.apple.com/ht208849	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4257	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98864649/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4257	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht208849	Trust: 0.1

sources: VULHUB: VHN-134288 // VULMON: CVE-2018-4257 // JVNDB: JVNDB-2018-013596 // CNNVD: CNNVD-201901-411 // NVD: CVE-2018-4257

SOURCES

db:	VULHUB	id:	VHN-134288
db:	VULMON	id:	CVE-2018-4257
db:	JVNDB	id:	JVNDB-2018-013596
db:	CNNVD	id:	CNNVD-201901-411
db:	NVD	id:	CVE-2018-4257

LAST UPDATE DATE

2024-11-23T20:12:34.039000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134288	date:	2019-01-16T00:00:00
db:	VULMON	id:	CVE-2018-4257	date:	2019-01-16T00:00:00
db:	JVNDB	id:	JVNDB-2018-013596	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201901-411	date:	2020-05-22T00:00:00
db:	NVD	id:	CVE-2018-4257	date:	2024-11-21T04:07:04.113

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134288	date:	2019-01-11T00:00:00
db:	VULMON	id:	CVE-2018-4257	date:	2019-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-013596	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201901-411	date:	2019-01-14T00:00:00
db:	NVD	id:	CVE-2018-4257	date:	2019-01-11T18:29:02.657