Sign-up

ID

VAR-201904-1418


CVE

CVE-2018-4327


TITLE

iOS Memory corruption vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014951

DESCRIPTION

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Core Bluetooth is one of the core Bluetooth components. A buffer error vulnerability exists in the Core Bluetooth component of Apple iOS prior to 11.4.1. An attacker could exploit this vulnerability to execute arbitrary code with system privileges

Trust: 1.71

sources: NVD: CVE-2018-4327 // JVNDB: JVNDB-2018-014951 // VULHUB: VHN-134358

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:11.4.1

Trust: 1.0

vendor:applemodel:iosscope:ltversion:11.4.1 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.4.1 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.4.1 (ipod touch first 6 generation )

Trust: 0.8

sources: JVNDB: JVNDB-2018-014951 // NVD: CVE-2018-4327

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4327
value: HIGH

Trust: 1.0

NVD: CVE-2018-4327
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-138
value: HIGH

Trust: 0.6

VULHUB: VHN-134358
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4327
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-134358
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4327
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134358 // JVNDB: JVNDB-2018-014951 // CNNVD: CNNVD-201904-138 // NVD: CVE-2018-4327

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-134358 // JVNDB: JVNDB-2018-014951 // NVD: CVE-2018-4327

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201904-138

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201904-138

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014951

PATCH
title:HT208938url:https://support.apple.com/en-us/HT208938
Trust: 0.8
title:HT208938url:https://support.apple.com/ja-jp/HT208938
Trust: 0.8
title:Apple iOS Core Bluetooth Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91061
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014951 // 
            
            
            
            CNNVD: CNNVD-201904-138

EXTERNAL IDS
db:NVDid:CVE-2018-4327
Trust: 2.5
db:JVNid:JVNVU93082496
Trust: 0.8
db:JVNDBid:JVNDB-2018-014951
Trust: 0.8
db:CNNVDid:CNNVD-201904-138
Trust: 0.7
db:VULHUBid:VHN-134358
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134358 // 
            
            
            
            JVNDB: JVNDB-2018-014951 // 
            
            
            
            CNNVD: CNNVD-201904-138 // 
            
            
            
            NVD: CVE-2018-4327

REFERENCES
url:https://support.apple.com/kb/ht208938
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-4327
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4327
Trust: 0.8
url:https://jvn.jp/vu/jvnvu93082496/index.html
Trust: 0.8
sources:
            
            
            VULHUB: VHN-134358 // 
            
            
            
            JVNDB: JVNDB-2018-014951 // 
            
            
            
            CNNVD: CNNVD-201904-138 // 
            
            
            
            NVD: CVE-2018-4327

SOURCES
db:VULHUBid:VHN-134358
db:JVNDBid:JVNDB-2018-014951
db:CNNVDid:CNNVD-201904-138
db:NVDid:CVE-2018-4327

LAST UPDATE DATE
2024-11-23T19:52:06.016000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134358date:2019-04-05T00:00:00
db:JVNDBid:JVNDB-2018-014951date:2019-04-18T00:00:00
db:CNNVDid:CNNVD-201904-138date:2019-07-03T00:00:00
db:NVDid:CVE-2018-4327date:2024-11-21T04:07:12.087

SOURCES RELEASE DATE
db:VULHUBid:VHN-134358date:2019-04-03T00:00:00
db:JVNDBid:JVNDB-2018-014951date:2019-04-18T00:00:00
db:CNNVDid:CNNVD-201904-138date:2019-04-03T00:00:00
db:NVDid:CVE-2018-4327date:2019-04-03T18:29:08.033