Sign-up

ID

VAR-201904-0750


CVE

CVE-2018-4145


TITLE

plural Apple Memory corruption vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-014847

DESCRIPTION

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.3, tvOS 11.3, watchOS 4.3, Safari 11.1, iTunes 12.7.4 for Windows, iCloud for Windows 7.4. plural Apple The product has a memory corruption vulnerability due to incomplete memory handling.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. tvOS is a smart TV operating system. Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A buffer error vulnerability exists in the WebKit component of several Apple products. An attacker could exploit this vulnerability to execute code through maliciously crafted web content

Trust: 1.71

sources: NVD: CVE-2018-4145 // JVNDB: JVNDB-2018-014847 // VULHUB: VHN-134176

AFFECTED PRODUCTS

vendor:applemodel:watchosscope:ltversion:4.3

Trust: 1.0

vendor:applemodel:safariscope:ltversion:11.1

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:11.3

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.4

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.7.4

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:11.3

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14

Trust: 0.8

vendor:applemodel:icloudscope:ltversion:for windows 7.4 (windows 7 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.3 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.3 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.3 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:for windows 12.7.5 (windows 7 or later )

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:for windows 12.8 (windows 7 or later )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:11.1 (macos high sierra 10.13.4)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:11.1 (macos sierra 10.12.6)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:11.1 (os x el capitan 10.11.6)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:11.3 (apple tv 4k)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:11.3 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:4.3 (apple watch all models )

Trust: 0.8

sources: JVNDB: JVNDB-2018-014847 // NVD: CVE-2018-4145

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4145
value: HIGH

Trust: 1.0

NVD: CVE-2018-4145
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-122
value: HIGH

Trust: 0.6

VULHUB: VHN-134176
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4145
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-134176
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4145
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134176 // JVNDB: JVNDB-2018-014847 // CNNVD: CNNVD-201904-122 // NVD: CVE-2018-4145

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-134176 // JVNDB: JVNDB-2018-014847 // NVD: CVE-2018-4145

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-122

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201904-122

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014847

PATCH
title:HT208698url:https://support.apple.com/en-us/HT208698
Trust: 0.8
title:HT208852url:https://support.apple.com/en-us/HT208852
Trust: 0.8
title:HT208933url:https://support.apple.com/en-us/HT208933
Trust: 0.8
title:HT208693url:https://support.apple.com/en-us/HT208693
Trust: 0.8
title:HT208695url:https://support.apple.com/en-us/HT208695
Trust: 0.8
title:HT208696url:https://support.apple.com/en-us/HT208696
Trust: 0.8
title:HT208697url:https://support.apple.com/en-us/HT208697
Trust: 0.8
title:HT208852url:https://support.apple.com/ja-jp/HT208852
Trust: 0.8
title:HT208933url:https://support.apple.com/ja-jp/HT208933
Trust: 0.8
title:HT208693url:https://support.apple.com/ja-jp/HT208693
Trust: 0.8
title:HT208695url:https://support.apple.com/ja-jp/HT208695
Trust: 0.8
title:HT208696url:https://support.apple.com/ja-jp/HT208696
Trust: 0.8
title:HT208697url:https://support.apple.com/ja-jp/HT208697
Trust: 0.8
title:HT208698url:https://support.apple.com/ja-jp/HT208698
Trust: 0.8
title:Multiple Apple product WebKit Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91045
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014847 // 
            
            
            
            CNNVD: CNNVD-201904-122

EXTERNAL IDS
db:NVDid:CVE-2018-4145
Trust: 2.5
db:JVNid:JVNVU92378299
Trust: 0.8
db:JVNid:JVNVU98864649
Trust: 0.8
db:JVNDBid:JVNDB-2018-014847
Trust: 0.8
db:CNNVDid:CNNVD-201904-122
Trust: 0.7
db:VULHUBid:VHN-134176
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134176 // 
            
            
            
            JVNDB: JVNDB-2018-014847 // 
            
            
            
            CNNVD: CNNVD-201904-122 // 
            
            
            
            NVD: CVE-2018-4145

REFERENCES
url:https://support.apple.com/kb/ht208693
Trust: 1.7
url:https://support.apple.com/kb/ht208695
Trust: 1.7
url:https://support.apple.com/kb/ht208696
Trust: 1.7
url:https://support.apple.com/kb/ht208697
Trust: 1.7
url:https://support.apple.com/kb/ht208698
Trust: 1.7
url:https://support.apple.com/kb/ht208852
Trust: 1.7
url:https://support.apple.com/kb/ht208933
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-4145
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4145
Trust: 0.8
url:http://jvn.jp/vu/jvnvu98864649/index.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu92378299/index.html
Trust: 0.8
sources:
            
            
            VULHUB: VHN-134176 // 
            
            
            
            JVNDB: JVNDB-2018-014847 // 
            
            
            
            CNNVD: CNNVD-201904-122 // 
            
            
            
            NVD: CVE-2018-4145

SOURCES
db:VULHUBid:VHN-134176
db:JVNDBid:JVNDB-2018-014847
db:CNNVDid:CNNVD-201904-122
db:NVDid:CVE-2018-4145

LAST UPDATE DATE
2024-11-23T21:11:58.635000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134176date:2019-04-04T00:00:00
db:JVNDBid:JVNDB-2018-014847date:2019-04-17T00:00:00
db:CNNVDid:CNNVD-201904-122date:2019-07-05T00:00:00
db:NVDid:CVE-2018-4145date:2024-11-21T04:06:51.173

SOURCES RELEASE DATE
db:VULHUBid:VHN-134176date:2019-04-03T00:00:00
db:JVNDBid:JVNDB-2018-014847date:2019-04-17T00:00:00
db:CNNVDid:CNNVD-201904-122date:2019-04-03T00:00:00
db:NVDid:CVE-2018-4145date:2019-04-03T18:29:02.300