ID

VAR-201904-1471


CVE

CVE-2018-4357


TITLE

Xcode Memory corruption vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014923

DESCRIPTION

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10. Apple Xcode is an integrated development environment that Apple provides to developers. It is mainly used to develop applications for Mac OS X and iOS. LLVM (Low Level Virtual Machine) is a compiler framework developed by the LLVM team. A security vulnerability exists in the LLVM components in versions prior to Apple Xcode 10. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements.

Trust: 1.71

sources: NVD: CVE-2018-4357 // JVNDB: JVNDB-2018-014923 // VULHUB: VHN-134388

AFFECTED PRODUCTS

vendor: apple, model: xcode, scope: lt, version: 10

Trust: 1.0

vendor: apple, model: xcode, scope: lt, version: 10 (macos high sierra 10.13.6 or later)

Trust: 0.8

sources: JVNDB: JVNDB-2018-014923 // NVD: CVE-2018-4357

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4357
value: HIGH

Trust: 1.0

NVD: CVE-2018-4357
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-143
value: HIGH

Trust: 0.6

VULHUB: VHN-134388
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4357
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-134388
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4357
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134388 // JVNDB: JVNDB-2018-014923 // CNNVD: CNNVD-201904-143 // NVD: CVE-2018-4357

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-134388 // JVNDB: JVNDB-2018-014923 // NVD: CVE-2018-4357

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201904-143

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201904-143

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014923

PATCH

title: HT209135, url: https://support.apple.com/en-us/HT209135

Trust: 0.8

title: HT209135, url: https://support.apple.com/ja-jp/HT209135

Trust: 0.8

title: Apple Xcode LLVM Fixes for component security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91066

Trust: 0.6

sources: JVNDB: JVNDB-2018-014923 // CNNVD: CNNVD-201904-143

EXTERNAL IDS

db: NVD, id: CVE-2018-4357

Trust: 2.5

db: JVNDB, id: JVNDB-2018-014923

Trust: 0.8

db: CNNVD, id: CNNVD-201904-143

Trust: 0.7

db: VULHUB, id: VHN-134388

Trust: 0.1

sources: VULHUB: VHN-134388 // JVNDB: JVNDB-2018-014923 // CNNVD: CNNVD-201904-143 // NVD: CVE-2018-4357

REFERENCES

url: https://support.apple.com/kb/ht209135

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2018-4357

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4357

Trust: 0.8

sources: VULHUB: VHN-134388 // JVNDB: JVNDB-2018-014923 // CNNVD: CNNVD-201904-143 // NVD: CVE-2018-4357

SOURCES

db: VULHUB, id: VHN-134388
db: JVNDB, id: JVNDB-2018-014923
db: CNNVD, id: CNNVD-201904-143
db: NVD, id: CVE-2018-4357

LAST UPDATE DATE

2024-08-14T14:38:56.985000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-134388, date: 2019-04-05T00:00:00
db: JVNDB, id: JVNDB-2018-014923, date: 2019-04-17T00:00:00
db: CNNVD, id: CNNVD-201904-143, date: 2019-04-08T00:00:00
db: NVD, id: CVE-2018-4357, date: 2019-04-05T16:13:11.950

SOURCES RELEASE DATE

db: VULHUB, id: VHN-134388, date: 2019-04-03T00:00:00
db: JVNDB, id: JVNDB-2018-014923, date: 2019-04-17T00:00:00
db: CNNVD, id: CNNVD-201904-143, date: 2019-04-03T00:00:00
db: NVD, id: CVE-2018-4357, date: 2019-04-03T18:29:09.970