Sign-up

ID

VAR-201901-1023


CVE

CVE-2018-4189


TITLE

plural Apple Memory corruption vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-013614

DESCRIPTION

In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling. plural Apple The product has a memory corruption vulnerability due to incomplete memory handling.There is a possibility of memory corruption

Trust: 1.8

sources: NVD: CVE-2018-4189 // JVNDB: JVNDB-2018-013614 // VULHUB: VHN-134220 // VULMON: CVE-2018-4189

AFFECTED PRODUCTS

vendor:applemodel:watchosscope:ltversion:4.2.2

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:11.2.5

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.13.3

Trust: 1.0

vendor:applemodel:tvscope:ltversion:11.2.5

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.13.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.11.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.12.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13.2

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.2.5 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.2.5 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.2.5 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:11.2.5 (apple tv 4k)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:11.2.5 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:4.2.2 (apple watch all models )

Trust: 0.8

vendor:applemodel:tvscope:eqversion:2.0.1

Trust: 0.6

vendor:applemodel:tvscope:eqversion:1.1.0

Trust: 0.6

vendor:applemodel:tvscope:eqversion:2.1.0

Trust: 0.6

vendor:applemodel:tvscope:eqversion:2.2.0

Trust: 0.6

vendor:applemodel:tvscope:eqversion:2.4.0

Trust: 0.6

vendor:applemodel:tvscope:eqversion:2.3.0

Trust: 0.6

vendor:applemodel:tvscope:eqversion:2.0.2

Trust: 0.6

vendor:applemodel:tvscope:eqversion:1.0.0

Trust: 0.6

vendor:applemodel:tvscope:eqversion:2.3.1

Trust: 0.6

vendor:applemodel:tvscope:eqversion:2.0.0

Trust: 0.6

sources: JVNDB: JVNDB-2018-013614 // CNNVD: CNNVD-201901-399 // NVD: CVE-2018-4189

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4189
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-4189
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201901-399
value: CRITICAL

Trust: 0.6

VULHUB: VHN-134220
value: HIGH

Trust: 0.1

VULMON: CVE-2018-4189
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4189
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134220
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4189
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134220 // VULMON: CVE-2018-4189 // JVNDB: JVNDB-2018-013614 // CNNVD: CNNVD-201901-399 // NVD: CVE-2018-4189

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-134220 // JVNDB: JVNDB-2018-013614 // NVD: CVE-2018-4189

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-399

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201901-399

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013614

PATCH
title:HT208462url:https://support.apple.com/en-us/HT208462
Trust: 0.8
title:HT208463url:https://support.apple.com/en-us/HT208463
Trust: 0.8
title:HT208464url:https://support.apple.com/en-us/HT208464
Trust: 0.8
title:HT208465url:https://support.apple.com/en-us/HT208465
Trust: 0.8
title:HT208462url:https://support.apple.com/ja-jp/HT208462
Trust: 0.8
title:HT208463url:https://support.apple.com/ja-jp/HT208463
Trust: 0.8
title:HT208464url:https://support.apple.com/ja-jp/HT208464
Trust: 0.8
title:HT208465url:https://support.apple.com/ja-jp/HT208465
Trust: 0.8
title:Multiple Apple product Kernel Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88563
Trust: 0.6
title:Apple: iOS 11.2.5url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=1b776314c9d657c984f3dc7b0dc72bfa
Trust: 0.1
title:Apple: watchOS 4.2.2url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=86ed426c97c126c4934a936a2782aa06
Trust: 0.1
title:Apple: tvOS 11.2.5url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=ae65c86c2cefebd685318cf7662d741a
Trust: 0.1
title:Apple: macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitanurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f90f5551077f4ae87cb6d5192df0a729
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-4189 // 
            
            
            
            JVNDB: JVNDB-2018-013614 // 
            
            
            
            CNNVD: CNNVD-201901-399

EXTERNAL IDS
db:NVDid:CVE-2018-4189
Trust: 2.6
db:JVNid:JVNVU99446427
Trust: 0.8
db:JVNDBid:JVNDB-2018-013614
Trust: 0.8
db:CNNVDid:CNNVD-201901-399
Trust: 0.6
db:VULHUBid:VHN-134220
Trust: 0.1
db:VULMONid:CVE-2018-4189
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134220 // 
            
            
            
            VULMON: CVE-2018-4189 // 
            
            
            
            JVNDB: JVNDB-2018-013614 // 
            
            
            
            CNNVD: CNNVD-201901-399 // 
            
            
            
            NVD: CVE-2018-4189

REFERENCES
url:https://support.apple.com/ht208462
Trust: 1.8
url:https://support.apple.com/ht208463
Trust: 1.8
url:https://support.apple.com/ht208464
Trust: 1.8
url:https://support.apple.com/ht208465
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4189
Trust: 0.8
url:http://jvn.jp/vu/jvnvu99446427/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4189
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://support.apple.com/kb/ht208463
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134220 // 
            
            
            
            VULMON: CVE-2018-4189 // 
            
            
            
            JVNDB: JVNDB-2018-013614 // 
            
            
            
            CNNVD: CNNVD-201901-399 // 
            
            
            
            NVD: CVE-2018-4189

SOURCES
db:VULHUBid:VHN-134220
db:VULMONid:CVE-2018-4189
db:JVNDBid:JVNDB-2018-013614
db:CNNVDid:CNNVD-201901-399
db:NVDid:CVE-2018-4189

LAST UPDATE DATE
2024-11-23T19:42:49.810000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134220date:2019-01-17T00:00:00
db:VULMONid:CVE-2018-4189date:2019-01-17T00:00:00
db:JVNDBid:JVNDB-2018-013614date:2019-02-26T00:00:00
db:CNNVDid:CNNVD-201901-399date:2019-01-14T00:00:00
db:NVDid:CVE-2018-4189date:2024-11-21T04:06:56.137

SOURCES RELEASE DATE
db:VULHUBid:VHN-134220date:2019-01-11T00:00:00
db:VULMONid:CVE-2018-4189date:2019-01-11T00:00:00
db:JVNDBid:JVNDB-2018-013614date:2019-02-26T00:00:00
db:CNNVDid:CNNVD-201901-399date:2019-01-14T00:00:00
db:NVDid:CVE-2018-4189date:2019-01-11T18:29:01.327