Details of VAR-201912-0632

ID

VAR-201912-0632

CVE

CVE-2019-8629

TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-003317

DESCRIPTION

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. Intel Graphics Driver is one of the integrated graphics drivers. A buffer error vulnerability exists in the Intel Graphics Driver component of Apple macOS Mojave prior to 10.14.5. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.8

sources: NVD: CVE-2019-8629 // JVNDB: JVNDB-2019-003317 // VULHUB: VHN-160064 // VULMON: CVE-2019-8629

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.5	Trust: 1.0
vendor:	apple	model:	tv software	scope:	lt	version:	7.3 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.3 earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	(security update 2019-003 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14.5 earlier	Trust: 0.8
vendor:	apple	model:	macos sierra	scope:	eq	version:	(security update 2019-003 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.1.1 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	7.3 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.2.1 earlier	Trust: 0.8

sources: JVNDB: JVNDB-2019-003317 // NVD: CVE-2019-8629

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8629
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201905-473
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160064
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-8629
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-8629
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-160064
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8629
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-160064 // VULMON: CVE-2019-8629 // CNNVD: CNNVD-201905-473 // NVD: CVE-2019-8629

PROBLEMTYPE DATA

problemtype:

CWE-665

Trust: 1.1

sources: VULHUB: VHN-160064 // NVD: CVE-2019-8629

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-473

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-473

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003317

PATCH

title:	About the security content of iOS 12.3	url:	https://support.apple.com/en-us/HT210118	Trust: 0.8
title:	About the security content of Safari 12.1.1	url:	https://support.apple.com/en-us/HT210123	Trust: 0.8
title:	About the security content of Apple TV Software 7.3	url:	https://support.apple.com/en-us/HT210121	Trust: 0.8
title:	About the security content of tvOS 12.3	url:	https://support.apple.com/en-us/HT210120	Trust: 0.8
title:	About the security content of watchOS 5.2.1	url:	https://support.apple.com/en-us/HT210122	Trust: 0.8
title:	About the security content of macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra	url:	https://support.apple.com/en-us/HT210119	Trust: 0.8
title:	Apple macOS Mojave Intel Graphics Driver Fix for component buffer error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92629	Trust: 0.6
title:	Apple: macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=6b53c6ca54a4e5a7dbf9ea2c6eed06de	Trust: 0.1
title:	parafuzz	url:	https://github.com/Captainarash/parafuzz	Trust: 0.1

sources: VULMON: CVE-2019-8629 // JVNDB: JVNDB-2019-003317 // CNNVD: CNNVD-201905-473

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8629	Trust: 2.6
db:	JVN	id:	JVNVU93988385	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-003317	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-473	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1695	Trust: 0.6
db:	VULHUB	id:	VHN-160064	Trust: 0.1
db:	VULMON	id:	CVE-2019-8629	Trust: 0.1

sources: VULHUB: VHN-160064 // VULMON: CVE-2019-8629 // JVNDB: JVNDB-2019-003317 // CNNVD: CNNVD-201905-473 // NVD: CVE-2019-8629

REFERENCES

url:	https://support.apple.com/ht210119	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8629	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8634	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8576	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8604	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8637	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8635	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8585	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8606	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8622	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8589	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8616	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8613	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8590	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8617	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8620	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8611	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8591	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8626	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8610	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8560	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8593	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8629	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8609	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8568	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8599	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8630	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8574	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8603	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93988385/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8622	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8590	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8617	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8613	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8591	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8620	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8560	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8611	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8593	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8626	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8568	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8610	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8599	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8574	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8609	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8603	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8630	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8576	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8604	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8634	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8585	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8606	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8635	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8637	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8589	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8616	Trust: 0.8
url:	https://support.apple.com/en-au/ht210119	Trust: 0.6
url:	https://support.apple.com/en-us/ht210119	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80826	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/665.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/captainarash/parafuzz	Trust: 0.1
url:	https://support.apple.com/kb/ht210119	Trust: 0.1

sources: VULHUB: VHN-160064 // VULMON: CVE-2019-8629 // JVNDB: JVNDB-2019-003317 // CNNVD: CNNVD-201905-473 // NVD: CVE-2019-8629

SOURCES

db:	VULHUB	id:	VHN-160064
db:	VULMON	id:	CVE-2019-8629
db:	JVNDB	id:	JVNDB-2019-003317
db:	CNNVD	id:	CNNVD-201905-473
db:	NVD	id:	CVE-2019-8629

LAST UPDATE DATE

2024-11-23T19:46:08.642000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-160064	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2019-8629	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-003317	date:	2020-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201905-473	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2019-8629	date:	2024-11-21T04:50:12.007

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-160064	date:	2019-12-18T00:00:00
db:	VULMON	id:	CVE-2019-8629	date:	2019-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-003317	date:	2019-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201905-473	date:	2019-05-14T00:00:00
db:	NVD	id:	CVE-2019-8629	date:	2019-12-18T18:15:30.427