CVE-2018-4392 : Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iO

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

Published 2019-04-03 18:29:13

Updated 2019-04-05 16:12:20

Source Apple Inc.

View at NVD, CVE.org

Vulnerability category: OverflowMemory Corruption

Exploit prediction scoring system (EPSS) score for CVE-2018-4392

Probability of exploitation activity in the next 30 days: 0.81%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 81 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2018-4392

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-4392

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-4392

https://support.apple.com/kb/HT209194

About the security content of tvOS 12.1 - Apple Support
Vendor Advisory

CVEs referencing this url
https://support.apple.com/kb/HT209195

About the security content of watchOS 5.1 - Apple Support
Vendor Advisory

CVEs referencing this url
https://support.apple.com/kb/HT209197

About the security content of iTunes 12.9.1 for Windows - Apple Support
Vendor Advisory

CVEs referencing this url
https://support.apple.com/kb/HT209192

About the security content of iOS 12.1 - Apple Support
Vendor Advisory

CVEs referencing this url
https://support.apple.com/kb/HT209198

About the security content of iCloud for Windows 7.8 - Apple Support
Vendor Advisory

CVEs referencing this url
https://support.apple.com/kb/HT209196

About the security content of Safari 12.0.1 - Apple Support
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2018-4392

Apple » Safari
Versions before (<) 12.0.1
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Matching versions
Apple » Itunes
Versions before (<) 12.9.1
cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Apple » Iphone Os
Versions before (<) 12.1
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Apple » Watchos
Versions before (<) 5.1
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Matching versions
Apple » Icloud
Versions before (<) 7.8
cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Apple » Tvos
Versions before (<) 12.1
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2018-4392

Exploit prediction scoring system (EPSS) score for CVE-2018-4392

CVSS scores for CVE-2018-4392

CWE ids for CVE-2018-4392

References for CVE-2018-4392

Products affected by CVE-2018-4392