Vulnerability Details : CVE-2018-4200
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Products affected by CVE-2018-4200
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-4200
85.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-4200
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2018-4200
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-4200
-
https://bugs.chromium.org/p/project-zero/issues/detail?id=1525
1525 - WebKit: use-after-free in WebCore::jsElementScrollHeightGetter - project-zero - MonorailExploit;Issue Tracking;Third Party Advisory
-
http://www.securityfocus.com/bid/103961
WebKit Multiple Memory Corruption VulnerabilitiesVDB Entry;Third Party Advisory
-
https://support.apple.com/HT208850
About the security content of tvOS 11.4 - Apple SupportVendor Advisory
-
https://support.apple.com/HT208853
About the security content of iCloud for Windows 7.5 - Apple SupportVendor Advisory
-
https://www.exploit-db.com/exploits/44566/
WebKit - 'WebCore::jsElementScrollHeightGetter' Use-After-FreeExploit;Third Party Advisory;VDB Entry
-
https://support.apple.com/HT208741
About the security content of Safari 11.1 - Apple SupportVendor Advisory
-
https://usn.ubuntu.com/3640-1/
USN-3640-1: WebKitGTK+ vulnerability | Ubuntu security noticesThird Party Advisory
-
https://support.apple.com/HT208852
About the security content of iTunes 12.7.5 for Windows - Apple SupportVendor Advisory
-
https://support.apple.com/HT208743
About the security content of iOS 11.3.1 - Apple SupportVendor Advisory
-
http://www.securitytracker.com/id/1040743
Apple Safari WebKit Memory Corruption Errors Lets Remote Users Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
https://security.gentoo.org/glsa/201808-04
WebkitGTK+: Multiple vulnerabilities (GLSA 201808-04) — Gentoo securityThird Party Advisory
Jump to