ID

VAR-202010-0199


CVE

CVE-2019-8639


TITLE

plural Apple Multiple memory corruption vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-015881

DESCRIPTION

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices

Trust: 1.8

sources: NVD: CVE-2019-8639 // JVNDB: JVNDB-2019-015881 // VULHUB: VHN-160074 // VULMON: CVE-2019-8639

AFFECTED PRODUCTS

vendor:applemodel:icloudscope:ltversion:7.11

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:5.2

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:12.2

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.9.4

Trust: 1.0

vendor:applemodel:safariscope:ltversion:12.1

Trust: 1.0

vendor:applemodel:iosscope:eqversion:12.2 未満 (iphone 5s 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.2 未満 (ipad air 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.2 未満 (ipod touch 第 6 世代)

Trust: 0.8

vendor:applemodel:watchosscope:eqversion:5.2 未満 (apple watch series 1 以降)

Trust: 0.8

vendor:applemodel:itunesscope:eqversion:for windows 12.9.4 未満 (windows 7 以降)

Trust: 0.8

vendor:applemodel:icloudscope:eqversion:for windows 7.11 未満 (windows 7 以降)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:12.1 未満 (macos sierra 10.12.6)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:12.1 未満 (macos high sierra 10.13.6)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:12.1 未満 (macos mojave 10.14.4)

Trust: 0.8

sources: JVNDB: JVNDB-2019-015881 // NVD: CVE-2019-8639

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8639
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015881
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1502
value: HIGH

Trust: 0.6

VULHUB: VHN-160074
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-8639
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-8639
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015881
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-160074
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8639
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015881
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-160074 // VULMON: CVE-2019-8639 // JVNDB: JVNDB-2019-015881 // CNNVD: CNNVD-202010-1502 // NVD: CVE-2019-8639

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

sources: NVD: CVE-2019-8639

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1502

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-1502

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015881

PATCH

title:HT209599url:https://support.apple.com/en-us/HT209599

Trust: 0.8

title:HT209602url:https://support.apple.com/en-us/HT209602

Trust: 0.8

title:HT209603url:https://support.apple.com/en-us/HT209603

Trust: 0.8

title:HT209604url:https://support.apple.com/en-us/HT209604

Trust: 0.8

title:HT209605url:https://support.apple.com/en-us/HT209605

Trust: 0.8

title:HT209604url:https://support.apple.com/ja-jp/HT209604

Trust: 0.8

title:HT209605url:https://support.apple.com/ja-jp/HT209605

Trust: 0.8

title:HT209599url:https://support.apple.com/ja-jp/HT209599

Trust: 0.8

title:HT209602url:https://support.apple.com/ja-jp/HT209602

Trust: 0.8

title:HT209603url:https://support.apple.com/ja-jp/HT209603

Trust: 0.8

title:Multiple Apple Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131780

Trust: 0.6

sources: JVNDB: JVNDB-2019-015881 // CNNVD: CNNVD-202010-1502

EXTERNAL IDS

db:NVDid:CVE-2019-8639

Trust: 2.6

db:JVNid:JVNVU93236010

Trust: 0.8

db:JVNDBid:JVNDB-2019-015881

Trust: 0.8

db:CNNVDid:CNNVD-202010-1502

Trust: 0.7

db:CNVDid:CNVD-2020-61926

Trust: 0.1

db:VULHUBid:VHN-160074

Trust: 0.1

db:VULMONid:CVE-2019-8639

Trust: 0.1

sources: VULHUB: VHN-160074 // VULMON: CVE-2019-8639 // JVNDB: JVNDB-2019-015881 // CNNVD: CNNVD-202010-1502 // NVD: CVE-2019-8639

REFERENCES

url:https://support.apple.com/en-us/ht209599

Trust: 1.8

url:https://support.apple.com/en-us/ht209602

Trust: 1.8

url:https://support.apple.com/en-us/ht209603

Trust: 1.8

url:https://support.apple.com/en-us/ht209604

Trust: 1.8

url:https://support.apple.com/en-us/ht209605

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8639

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8639

Trust: 0.8

url:http://jvn.jp/vu/jvnvu93236010/index.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-160074 // VULMON: CVE-2019-8639 // JVNDB: JVNDB-2019-015881 // CNNVD: CNNVD-202010-1502 // NVD: CVE-2019-8639

SOURCES

db:VULHUBid:VHN-160074
db:VULMONid:CVE-2019-8639
db:JVNDBid:JVNDB-2019-015881
db:CNNVDid:CNNVD-202010-1502
db:NVDid:CVE-2019-8639

LAST UPDATE DATE

2024-08-14T12:42:59.235000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-160074date:2020-10-28T00:00:00
db:VULMONid:CVE-2019-8639date:2020-10-28T00:00:00
db:JVNDBid:JVNDB-2019-015881date:2021-01-28T05:11:43
db:CNNVDid:CNNVD-202010-1502date:2021-08-16T00:00:00
db:NVDid:CVE-2019-8639date:2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:VULHUBid:VHN-160074date:2020-10-27T00:00:00
db:VULMONid:CVE-2019-8639date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2019-015881date:2021-01-28T05:11:43
db:CNNVDid:CNNVD-202010-1502date:2020-10-27T00:00:00
db:NVDid:CVE-2019-8639date:2020-10-27T20:15:16.500