Details of VAR-201901-1024

ID

VAR-201901-1024

CVE

CVE-2018-4194

TITLE

plural Apple Product out-of-bounds reading vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013962

DESCRIPTION

In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. plural Apple The product has a flaw in reading due to incomplete processing related to input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2018-4194 // JVNDB: JVNDB-2018-013962 // VULHUB: VHN-134225

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	gte	version:	10.13.0	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	12.7.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	11.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.5	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	4.3.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.4	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	7.5 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.7.5 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	4.3.1 (apple watch all models )	Trust: 0.8

sources: JVNDB: JVNDB-2018-013962 // NVD: CVE-2018-4194

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4194
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4194
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201901-400
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-134225
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4194
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-134225
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4194
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134225 // JVNDB: JVNDB-2018-013962 // CNNVD: CNNVD-201901-400 // NVD: CVE-2018-4194

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.9

sources: VULHUB: VHN-134225 // JVNDB: JVNDB-2018-013962 // NVD: CVE-2018-4194

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-400

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201901-400

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013962

PATCH

title:	HT208853	url:	https://support.apple.com/en-us/HT208853	Trust: 0.8
title:	HT208848	url:	https://support.apple.com/en-us/HT208848	Trust: 0.8
title:	HT208849	url:	https://support.apple.com/en-us/HT208849	Trust: 0.8
title:	HT208851	url:	https://support.apple.com/en-us/HT208851	Trust: 0.8
title:	HT208852	url:	https://support.apple.com/en-us/HT208852	Trust: 0.8
title:	HT208848	url:	https://support.apple.com/ja-jp/HT208848	Trust: 0.8
title:	HT208849	url:	https://support.apple.com/ja-jp/HT208849	Trust: 0.8
title:	HT208851	url:	https://support.apple.com/ja-jp/HT208851	Trust: 0.8
title:	HT208852	url:	https://support.apple.com/ja-jp/HT208852	Trust: 0.8
title:	HT208853	url:	https://support.apple.com/ja-jp/HT208853	Trust: 0.8
title:	Multiple Apple product CoreGraphics Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88564	Trust: 0.6

sources: JVNDB: JVNDB-2018-013962 // CNNVD: CNNVD-201901-400

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4194	Trust: 2.5
db:	JVN	id:	JVNVU98864649	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-013962	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-400	Trust: 0.6
db:	VULHUB	id:	VHN-134225	Trust: 0.1

sources: VULHUB: VHN-134225 // JVNDB: JVNDB-2018-013962 // CNNVD: CNNVD-201901-400 // NVD: CVE-2018-4194

REFERENCES

url:	https://support.apple.com/ht208849	Trust: 1.7
url:	https://support.apple.com/ht208848	Trust: 1.7
url:	https://support.apple.com/ht208851	Trust: 1.7
url:	https://support.apple.com/ht208852	Trust: 1.7
url:	https://support.apple.com/ht208853	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4194	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98864649/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4194	Trust: 0.8

sources: VULHUB: VHN-134225 // JVNDB: JVNDB-2018-013962 // CNNVD: CNNVD-201901-400 // NVD: CVE-2018-4194

SOURCES

db:	VULHUB	id:	VHN-134225
db:	JVNDB	id:	JVNDB-2018-013962
db:	CNNVD	id:	CNNVD-201901-400
db:	NVD	id:	CVE-2018-4194

LAST UPDATE DATE

2024-11-23T21:17:06.186000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134225	date:	2019-01-29T00:00:00
db:	JVNDB	id:	JVNDB-2018-013962	date:	2019-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201901-400	date:	2019-04-01T00:00:00
db:	NVD	id:	CVE-2018-4194	date:	2024-11-21T04:06:56.760

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134225	date:	2019-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-013962	date:	2019-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201901-400	date:	2019-01-14T00:00:00
db:	NVD	id:	CVE-2018-4194	date:	2019-01-11T18:29:01.423