ID

VAR-201904-1465


CVE

CVE-2018-4351


TITLE

Memory initialization vulnerability in macOS

Trust: 0.8

sources: JVNDB: JVNDB-2018-015002

DESCRIPTION

A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.

Apple has released an update for macOS. The potential impact depends on each vulnerability, but may include the following: arbitrary code execution, information leak, access restriction bypass.

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of IntelFBClientControl's doAttribute method. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the kernel.

Apple macOS Mojave is a dedicated operating system developed by Apple for Mac computers. Intel Graphics Driver is one of the integrated graphics drivers. A resource management error vulnerability exists in the Intel Graphics Driver component of Apple macOS Mojave prior to 10.14. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products.

Trust: 3.15

sources: NVD: CVE-2018-4351 // JVNDB: JVNDB-2018-015002 // JVNDB: JVNDB-2018-007762 // ZDI: ZDI-18-1343 // VULHUB: VHN-134382 // VULMON: CVE-2018-4351

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lt, version: 10.14

Trust: 1.8

vendor: apple, model: macos mojave, scope: lt, version: 10.14 earlier

Trust: 0.8

vendor: apple, model: macos, scope: -, version: -

Trust: 0.7

sources: ZDI: ZDI-18-1343 // JVNDB: JVNDB-2018-015002 // JVNDB: JVNDB-2018-007762 // NVD: CVE-2018-4351

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4351
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-4351
value: MEDIUM

Trust: 0.8

ZDI: CVE-2018-4351
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201811-334
value: MEDIUM

Trust: 0.6

VULHUB: VHN-134382
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-4351
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4351
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

ZDI: CVE-2018-4351
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-134382
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4351
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-18-1343 // VULHUB: VHN-134382 // VULMON: CVE-2018-4351 // JVNDB: JVNDB-2018-015002 // CNNVD: CNNVD-201811-334 // NVD: CVE-2018-4351

PROBLEMTYPE DATA

problemtype:CWE-665

Trust: 1.1

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-134382 // JVNDB: JVNDB-2018-015002 // NVD: CVE-2018-4351

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201811-334

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201811-334

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015002

PATCH

title: HT209139, url: https://support.apple.com/en-us/HT209139

Trust: 2.3

title: HT209139, url: https://support.apple.com/ja-jp/HT209139

Trust: 0.8

title: Apple macOS Mojave Intel Graphics Driver Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86741

Trust: 0.6

sources: ZDI: ZDI-18-1343 // JVNDB: JVNDB-2018-015002 // JVNDB: JVNDB-2018-007762 // CNNVD: CNNVD-201811-334

EXTERNAL IDS

db: NVD, id: CVE-2018-4351

Trust: 3.3

db: JVN, id: JVNVU99356481

Trust: 1.6

db: JVNDB, id: JVNDB-2018-015002

Trust: 0.8

db: JVNDB, id: JVNDB-2018-007762

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-6146

Trust: 0.7

db: ZDI, id: ZDI-18-1343

Trust: 0.7

db: CNNVD, id: CNNVD-201811-334

Trust: 0.7

db: VULHUB, id: VHN-134382

Trust: 0.1

db: VULMON, id: CVE-2018-4351

Trust: 0.1

sources: ZDI: ZDI-18-1343 // VULHUB: VHN-134382 // VULMON: CVE-2018-4351 // JVNDB: JVNDB-2018-015002 // JVNDB: JVNDB-2018-007762 // CNNVD: CNNVD-201811-334 // NVD: CVE-2018-4351

REFERENCES

url:https://support.apple.com/kb/ht209139

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-4351

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4351

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99356481/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99356481/

Trust: 0.8

url:https://support.apple.com/en-us/ht209139

Trust: 0.7

url:https://cwe.mitre.org/data/definitions/665.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://seclists.org/fulldisclosure/2018/nov/16

Trust: 0.1

sources: ZDI: ZDI-18-1343 // VULHUB: VHN-134382 // VULMON: CVE-2018-4351 // JVNDB: JVNDB-2018-015002 // JVNDB: JVNDB-2018-007762 // CNNVD: CNNVD-201811-334 // NVD: CVE-2018-4351

CREDITS

Appology Team @ Theori

Trust: 0.7

sources: ZDI: ZDI-18-1343

SOURCES

db: ZDI, id: ZDI-18-1343
db: VULHUB, id: VHN-134382
db: VULMON, id: CVE-2018-4351
db: JVNDB, id: JVNDB-2018-015002
db: JVNDB, id: JVNDB-2018-007762
db: CNNVD, id: CNNVD-201811-334
db: NVD, id: CVE-2018-4351

LAST UPDATE DATE

2024-11-23T20:47:43.094000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-18-1343, date: 2018-11-05T00:00:00
db: VULHUB, id: VHN-134382, date: 2019-10-03T00:00:00
db: VULMON, id: CVE-2018-4351, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-015002, date: 2019-04-18T00:00:00
db: JVNDB, id: JVNDB-2018-007762, date: 2018-09-26T00:00:00
db: CNNVD, id: CNNVD-201811-334, date: 2019-10-08T00:00:00
db: NVD, id: CVE-2018-4351, date: 2024-11-21T04:07:14.827

SOURCES RELEASE DATE

db: ZDI, id: ZDI-18-1343, date: 2018-11-05T00:00:00
db: VULHUB, id: VHN-134382, date: 2019-04-03T00:00:00
db: VULMON, id: CVE-2018-4351, date: 2019-04-03T00:00:00
db: JVNDB, id: JVNDB-2018-015002, date: 2019-04-18T00:00:00
db: JVNDB, id: JVNDB-2018-007762, date: 2018-09-26T00:00:00
db: CNNVD, id: CNNVD-201811-334, date: 2018-11-13T00:00:00
db: NVD, id: CVE-2018-4351, date: 2019-04-03T18:29:09.673