Details of VAR-201901-1005

ID

VAR-201901-1005

CVE

CVE-2018-4258

TITLE

macOS High Sierra Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2018-013597

DESCRIPTION

In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. AppleGraphicsControl is one of the integrated graphics drivers. An attacker could exploit this vulnerability to execute arbitrary code with kernel privileges

Trust: 1.8

sources: NVD: CVE-2018-4258 // JVNDB: JVNDB-2018-013597 // VULHUB: VHN-134289 // VULMON: CVE-2018-4258

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.4	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.4	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.0	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.0	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	-	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.3	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.2	Trust: 0.6

sources: JVNDB: JVNDB-2018-013597 // CNNVD: CNNVD-201901-412 // NVD: CVE-2018-4258

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4258
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-4258
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201901-412
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-134289
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-4258
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-4258
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-134289
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4258
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134289 // VULMON: CVE-2018-4258 // JVNDB: JVNDB-2018-013597 // CNNVD: CNNVD-201901-412 // NVD: CVE-2018-4258

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-134289 // JVNDB: JVNDB-2018-013597 // NVD: CVE-2018-4258

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-412

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201901-412

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013597

PATCH

title:	HT208849	url:	https://support.apple.com/en-us/HT208849	Trust: 0.8
title:	HT208849	url:	https://support.apple.com/ja-jp/HT208849	Trust: 0.8
title:	Apple macOS High Sierra AppleGraphicsControl Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88576	Trust: 0.6
title:	Apple: macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f93fc5c87ddc6e336e7b02ff3308dfe6	Trust: 0.1

sources: VULMON: CVE-2018-4258 // JVNDB: JVNDB-2018-013597 // CNNVD: CNNVD-201901-412

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4258	Trust: 2.6
db:	JVN	id:	JVNVU98864649	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-013597	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-412	Trust: 0.7
db:	VULHUB	id:	VHN-134289	Trust: 0.1
db:	VULMON	id:	CVE-2018-4258	Trust: 0.1

sources: VULHUB: VHN-134289 // VULMON: CVE-2018-4258 // JVNDB: JVNDB-2018-013597 // CNNVD: CNNVD-201901-412 // NVD: CVE-2018-4258

REFERENCES

url:	https://support.apple.com/ht208849	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4258	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98864649/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4258	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht208849	Trust: 0.1

sources: VULHUB: VHN-134289 // VULMON: CVE-2018-4258 // JVNDB: JVNDB-2018-013597 // CNNVD: CNNVD-201901-412 // NVD: CVE-2018-4258

SOURCES

db:	VULHUB	id:	VHN-134289
db:	VULMON	id:	CVE-2018-4258
db:	JVNDB	id:	JVNDB-2018-013597
db:	CNNVD	id:	CNNVD-201901-412
db:	NVD	id:	CVE-2018-4258

LAST UPDATE DATE

2024-11-23T20:04:00.437000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134289	date:	2019-01-16T00:00:00
db:	VULMON	id:	CVE-2018-4258	date:	2019-01-16T00:00:00
db:	JVNDB	id:	JVNDB-2018-013597	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201901-412	date:	2020-05-22T00:00:00
db:	NVD	id:	CVE-2018-4258	date:	2024-11-21T04:07:04.220

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134289	date:	2019-01-11T00:00:00
db:	VULMON	id:	CVE-2018-4258	date:	2019-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-013597	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201901-412	date:	2019-01-14T00:00:00
db:	NVD	id:	CVE-2018-4258	date:	2019-01-11T18:29:02.687