Sign-up

ID

VAR-202010-0198


CVE

CVE-2019-8638


TITLE

plural Apple Multiple memory corruption vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-015877

DESCRIPTION

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple watchOS is a smart watch operating system

Trust: 1.8

sources: NVD: CVE-2019-8638 // JVNDB: JVNDB-2019-015877 // VULHUB: VHN-160073 // VULMON: CVE-2019-8638

AFFECTED PRODUCTS

vendor:applemodel:icloudscope:ltversion:7.11

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:5.2

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:12.2

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.9.4

Trust: 1.0

vendor:applemodel:safariscope:ltversion:12.1

Trust: 1.0

vendor:applemodel:iosscope:eqversion:12.2 未満 (iphone 5s 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.2 未満 (ipad air 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.2 未満 (ipod touch 第 6 世代)

Trust: 0.8

vendor:applemodel:watchosscope:eqversion:5.2 未満 (apple watch series 1 以降)

Trust: 0.8

vendor:applemodel:itunesscope:eqversion:for windows 12.9.4 未満 (windows 7 以降)

Trust: 0.8

vendor:applemodel:icloudscope:eqversion:for windows 7.11 未満 (windows 7 以降)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:12.1 未満 (macos sierra 10.12.6)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:12.1 未満 (macos high sierra 10.13.6)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:12.1 未満 (macos mojave 10.14.4)

Trust: 0.8

sources: JVNDB: JVNDB-2019-015877 // NVD: CVE-2019-8638

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8638
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015877
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1503
value: HIGH

Trust: 0.6

VULHUB: VHN-160073
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-8638
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-8638
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015877
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-160073
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8638
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015877
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-160073 // VULMON: CVE-2019-8638 // JVNDB: JVNDB-2019-015877 // CNNVD: CNNVD-202010-1503 // NVD: CVE-2019-8638

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

sources: NVD: CVE-2019-8638

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1503

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-1503

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015877

PATCH
title:HT209599url:https://support.apple.com/en-us/HT209599
Trust: 0.8
title:HT209602url:https://support.apple.com/en-us/HT209602
Trust: 0.8
title:HT209603url:https://support.apple.com/en-us/HT209603
Trust: 0.8
title:HT209604url:https://support.apple.com/en-us/HT209604
Trust: 0.8
title:HT209605url:https://support.apple.com/en-us/HT209605
Trust: 0.8
title:HT209604url:https://support.apple.com/ja-jp/HT209604
Trust: 0.8
title:HT209605url:https://support.apple.com/ja-jp/HT209605
Trust: 0.8
title:HT209599url:https://support.apple.com/ja-jp/HT209599
Trust: 0.8
title:HT209602url:https://support.apple.com/ja-jp/HT209602
Trust: 0.8
title:HT209603url:https://support.apple.com/ja-jp/HT209603
Trust: 0.8
title:Apple Various product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131781
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-015877 // 
            
            
            
            CNNVD: CNNVD-202010-1503

EXTERNAL IDS
db:NVDid:CVE-2019-8638
Trust: 2.6
db:JVNid:JVNVU93236010
Trust: 0.8
db:JVNDBid:JVNDB-2019-015877
Trust: 0.8
db:CNNVDid:CNNVD-202010-1503
Trust: 0.7
db:VULHUBid:VHN-160073
Trust: 0.1
db:VULMONid:CVE-2019-8638
Trust: 0.1
sources:
            
            
            VULHUB: VHN-160073 // 
            
            
            
            VULMON: CVE-2019-8638 // 
            
            
            
            JVNDB: JVNDB-2019-015877 // 
            
            
            
            CNNVD: CNNVD-202010-1503 // 
            
            
            
            NVD: CVE-2019-8638

REFERENCES
url:https://support.apple.com/en-us/ht209599
Trust: 1.8
url:https://support.apple.com/en-us/ht209602
Trust: 1.8
url:https://support.apple.com/en-us/ht209603
Trust: 1.8
url:https://support.apple.com/en-us/ht209604
Trust: 1.8
url:https://support.apple.com/en-us/ht209605
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8638
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8638
Trust: 0.8
url:http://jvn.jp/vu/jvnvu93236010/index.html
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-160073 // 
            
            
            
            VULMON: CVE-2019-8638 // 
            
            
            
            JVNDB: JVNDB-2019-015877 // 
            
            
            
            CNNVD: CNNVD-202010-1503 // 
            
            
            
            NVD: CVE-2019-8638

SOURCES
db:VULHUBid:VHN-160073
db:VULMONid:CVE-2019-8638
db:JVNDBid:JVNDB-2019-015877
db:CNNVDid:CNNVD-202010-1503
db:NVDid:CVE-2019-8638

LAST UPDATE DATE
2024-08-14T12:14:50.990000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-160073date:2020-10-28T00:00:00
db:VULMONid:CVE-2019-8638date:2020-10-28T00:00:00
db:JVNDBid:JVNDB-2019-015877date:2021-01-28T05:11:36
db:CNNVDid:CNNVD-202010-1503date:2021-08-16T00:00:00
db:NVDid:CVE-2019-8638date:2021-07-21T11:39:23.747

SOURCES RELEASE DATE
db:VULHUBid:VHN-160073date:2020-10-27T00:00:00
db:VULMONid:CVE-2019-8638date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2019-015877date:2021-01-28T05:11:36
db:CNNVDid:CNNVD-202010-1503date:2020-10-27T00:00:00
db:NVDid:CVE-2019-8638date:2020-10-27T20:15:16.423