ID

VAR-201904-0756

CVE

CVE-2018-4126

TITLE

Apple macOS nsurlstoraged Out-Of-Bounds Read Information Disclosure Vulnerability

DESCRIPTION

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Service operation interruption (DoS) * Arbitrary code execution * Script execution * information leak * Access restriction avoidance. This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of cookie data. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current user. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. CFNetwork is one of the low-level, high-performance frameworks, which is an extension of BSD sockets (sockets). A buffer error vulnerability exists in the CFNetwork component of several Apple products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address the following: afpserver Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A remote attacker may be able to attack AFP servers through HTTP clients Description: An input validation issue was addressed with improved input validation. CVE-2018-4415: Liang Zhuo working with Beyond Security's SecuriTeam Secure Disclosure CoreCrypto Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. CVE-2018-4423: an anonymous researcher EFI Available for: macOS High Sierra 10.13.6 Impact: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis Description: An information disclosure issue was addressed with a microcode update. This ensures that older data read from recently-written-to addresses cannot be read via a speculative side-channel. CVE-2018-4331: Brandon Azad Hypervisor Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis Description: An information disclosure issue was addressed by flushing the L1 data cache at the virtual machine entry. CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas F. CVE-2018-4424: Dr. CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs Microcode Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis Description: An information disclosure issue was addressed with a microcode update. This ensures that implementation specific system registers cannot be leaked via a speculative execution side-channel. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische UniversitA$?t Darmstadt Additional recognition Calendar We would like to acknowledge an anonymous researcher for their assistance. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 10.14 macOS Mojave 10.14 addresses the following: Bluetooth Available for: iMac (21.5-inch, Late 2012), iMac (27-inch, Late 2012) , iMac (21.5-inch, Late 2013), iMac (21.5-inch, Mid 2014), iMac (Retina 5K, 27-inch, Late 2014), iMac (21.5-inch, Late 2015), Mac mini (Mid 2011), Mac mini Server (Mid 2011), Mac mini (Late 2012) , Mac mini Server (Late 2012), Mac mini (Late 2014), Mac Pro (Late 2013), MacBook Air (11-inch, Mid 2011), MacBook Air (13-inch, Mid 2011), MacBook Air (11-inch, Mid 2012), MacBook Air (13-inch, Mid 2012), MacBook Air (11-inch, Mid 2013), MacBook Air (13-inch, Mid 2013), MacBook Air (11-inch, Early 2015), MacBook Air (13-inch, Early 2015), MacBook Pro (13-inch, Mid 2012), MacBook Pro (15-inch, Mid 2012), MacBook Pro (Retina, 13-inch, Early 2013), MacBook Pro (Retina, 15-inch, Early 2013), MacBook Pro (Retina, 13-inch, Late 2013), and MacBook Pro (Retina, 15-inch, Late 2013) Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. CVE-2018-5383: Lior Neumann and Eli Biham The updates below are available for these Mac models: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013, Mid 2010, and Mid 2012 models with recommended Metal-capable graphics processor, including MSI Gaming Radeon RX 560 and Sapphire Radeon PULSE RX 580) afpserver Impact: A remote attacker may be able to attack AFP servers through HTTP clients Description: An input validation issue was addressed with improved input validation. CVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc. CVE-2018-4353: Abhinav Bansal of LinkedIn Inc. Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-8 Additional information for APPLE-SA-2018-9-24-4 iOS 12 iOS 12 addresses the following: Accounts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local app may be able to read a persistent account identifier Description: This issue was addressed with improved entitlements. CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Auto Unlock Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to access local users AppleIDs Description: A validation issue existed in the entitlement verification. CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Bluetooth Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. CVE-2018-5383: Lior Neumann and Eli Biham CFNetwork Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 CoreFoundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018 CoreFoundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4414: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018 CoreMedia Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An app may be able to learn information about the current camera view before being granted camera access Description: A permissions issue existed. CVE-2018-4356: an anonymous researcher CoreText Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4347: an anonymous researcher Entry added October 30, 2018 Crash Reporter Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4333: Brandon Azad Grand Central Dispatch Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Entry added October 30, 2018 Heimdal Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4331: Brandon Azad CVE-2018-4332: Brandon Azad CVE-2018-4343: Brandon Azad Entry added October 30, 2018 iBooks Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: A configuration issue was addressed with additional restrictions. CVE-2018-4355: evi1m0 of bilibili security team Entry added October 30, 2018 IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero Entry added October 30, 2018 IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero Entry added October 30, 2018 IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2018-4383: Apple Entry added October 30, 2018 IOMobileFrameBuffer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4335: Brandon Azad IOUserEthernet Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple Entry added October 30, 2018 iTunes Store Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store Description: An input validation issue was addressed with improved input validation. CVE-2018-4305: Jerry Decime Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions. CVE-2018-4399: Fabiano Anemone (@anoane) Entry added October 30, 2018 Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. CVE-2018-4363: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Entry added October 30, 2018 Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4336: Brandon Azad CVE-2018-4337: Ian Beer of Google Project Zero CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4344: The UK's National Cyber Security Centre (NCSC) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 mDNSOffloadUserClient Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team Entry added October 30, 2018 MediaRemote Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs Entry added October 30, 2018 Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted messages Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted notes Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4352: Utku Altinkaynak Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A user may be unable to delete browsing history items Description: Clearing a history item may not clear visits with redirect chains. CVE-2018-4329: Hugo S. Diaz (coldpointblue) SafariViewController Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4362: Jun Kokatsu (@shhnjk) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: A logic issue was addressed with improved state management. CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2018-4395: Patrick Wardle of Digita Security Entry added October 30, 2018 Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen Description: A logic issue was addressed with improved restrictions. CVE-2018-4325: Brian Adeloye Symptom Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 Text Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Entry added October 30, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative CVE-2018-4323: Ivan Fratric of Google Project Zero CVE-2018-4328: Ivan Fratric of Google Project Zero CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative CVE-2018-4359: Samuel GroA (@5aelo) CVE-2018-4360: William Bowling (@wcbowling) Entry added October 30, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may cause unexepected cross-origin behavior Description: A cross-origin issue existed with "iframe" elements. CVE-2018-4319: John Pettitt of Google WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4197: Ivan Fratric of Google Project Zero CVE-2018-4306: Ivan Fratric of Google Project Zero CVE-2018-4312: Ivan Fratric of Google Project Zero CVE-2018-4314: Ivan Fratric of Google Project Zero CVE-2018-4315: Ivan Fratric of Google Project Zero CVE-2018-4317: Ivan Fratric of Google Project Zero CVE-2018-4318: Ivan Fratric of Google Project Zero WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may exfiltrate image data cross-origin Description: A cross-site scripting issue existed in Safari. CVE-2018-4345: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Unexpected interaction causes an ASSERT failure Description: A memory corruption issue was addressed with improved validation. CVE-2018-4191: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cross-origin SecurityErrors includes the accessed frame's origin Description: The issue was addressed by removing origin information. CVE-2018-4311: Erling Alf Ellingsen (@steike) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to execute scripts in the context of another website Description: A cross-site scripting issue existed in Safari. CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Unexpected interaction causes an ASSERT failure Description: A memory consumption issue was addressed with improved memory handling. CVE-2018-4361: found by OSS-Fuzz Additional recognition APFS We would like to acknowledge Umang Raghuvanshi for their assistance. Assets We would like to acknowledge Brandon Azad for their assistance. configd We would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH for their assistance. Core Data We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. CoreSymbolication We would like to acknowledge Brandon Azad for their assistance. Exchange ActiveSync We would like to acknowledge Jesse Thompson of University of Wisconsin-Madison for their assistance. Feedback Assistant We would like to acknowledge Marco Grassi (@marcograss) of KeenLab (@keen_lab) Tencent working with Trend Micro's Zero Day Initiative for their assistance. Kernel We would like to acknowledge Brandon Azad for their assistance. Mail We would like to acknowledge Alessandro Avagliano of Rocket Internet SE, Gunnar Diepenbruck, and Zbyszek A>>A3Akiewski for their assistance. MediaRemote We would like to acknowledge Brandon Azad for their assistance. Quick Look We would like to acknowledge lokihardt of Google Project Zero for their assistance. Safari We would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad Galbin for their assistance. Sandbox Profiles We would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance. Security We would like to acknowledge Christoph Sinai, Daniel Dudek (@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak) of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson Ding, and an anonymous researcher for their assistance. SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. Status Bar We would like to acknowledge Ju Zhu of Meituan and Moony Li and Lilang Wu of Trend Micro for their assistance. WebKit We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HbuA// ZOEwXUyLVS3SqfEjU3MRUoTp1x+Ow+fd5co9B6v7bY+Ebc2KmSZjpPuNPjouRHmf RbWpZ0Mc52NYm+OdYqPu/Tg94wRi6tlrYusk6GngVH4IBER4TqiFrLNSzAjXL0xP qWv3JQcAIFNbNWpSEzDzEbuq85q4BIuP/+v2LpTc1ZWqIYt9TQHxUpyjoTXZvQhL 8L9ZM/dj8BC+m713LeC/KzveaDpaqnVJUDbgUkzRyFfFqOJt+hlaTS8yMUM3G+TX cblL8bvFNIxtUrt4Rf2TwDRVxUZIw/aFK2APmxVZ44UAT+2o+WFxBkHRXQiZc4Lk OaTzzkocdZu4q4MibrxELBWtW46AcGMqQKUpFZ6GR+4U2c1ICRwKnjQTn0iY7mg7 d+M+bTx8T2knwV7lSwvnHz79rysvOuCF3QCAZ4tW4PvLHWSZ0TpJho8z23PLHFQd J3cOYPby6SM9YP6SBISX5OI8xnvr1XIAPIBnOy0ScaMFsu0Er8j1hvbF1fXiaYOJ CSUUXR2th3jPW0g9L0j4vWGURG1h0psIN2MxTSHbmm4KXBAYngZ0wDOeJMUe8YMy IG0UBDqKNh8lzKHcc4aYA1WyaNsqbgbngBqDATp/XyWRzd+Py/U06MVuIaV095Rv s9WW67M1kLHy4BeutXt+xLBp9AugI+gU53uysxcnBx4= =dGPm -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

buffer error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Bruno Keith (@bkth_)

SOURCES

LAST UPDATE DATE

2024-11-23T20:49:26.260000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE