Sign-up

ID

VAR-202010-0199


CVE

CVE-2019-8639


TITLE

plural Apple Multiple memory corruption vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-015881

DESCRIPTION

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices

Trust: 1.8

sources: NVD: CVE-2019-8639 // JVNDB: JVNDB-2019-015881 // VULHUB: VHN-160074 // VULMON: CVE-2019-8639

AFFECTED PRODUCTS

vendor:applemodel:icloudscope:ltversion:7.11

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:5.2

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:12.2

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.9.4

Trust: 1.0

vendor:applemodel:safariscope:ltversion:12.1

Trust: 1.0

vendor:applemodel:iosscope:eqversion:12.2 未満 (iphone 5s 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.2 未満 (ipad air 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.2 未満 (ipod touch 第 6 世代)

Trust: 0.8

vendor:applemodel:watchosscope:eqversion:5.2 未満 (apple watch series 1 以降)

Trust: 0.8

vendor:applemodel:itunesscope:eqversion:for windows 12.9.4 未満 (windows 7 以降)

Trust: 0.8

vendor:applemodel:icloudscope:eqversion:for windows 7.11 未満 (windows 7 以降)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:12.1 未満 (macos sierra 10.12.6)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:12.1 未満 (macos high sierra 10.13.6)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:12.1 未満 (macos mojave 10.14.4)

Trust: 0.8

sources: JVNDB: JVNDB-2019-015881 // NVD: CVE-2019-8639

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8639
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015881
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1502
value: HIGH

Trust: 0.6

VULHUB: VHN-160074
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-8639
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-8639
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015881
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-160074
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8639
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015881
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-160074 // VULMON: CVE-2019-8639 // JVNDB: JVNDB-2019-015881 // CNNVD: CNNVD-202010-1502 // NVD: CVE-2019-8639

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

sources: NVD: CVE-2019-8639

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1502

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-1502

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015881

PATCH
title:HT209599url:https://support.apple.com/en-us/HT209599
Trust: 0.8
title:HT209602url:https://support.apple.com/en-us/HT209602
Trust: 0.8
title:HT209603url:https://support.apple.com/en-us/HT209603
Trust: 0.8
title:HT209604url:https://support.apple.com/en-us/HT209604
Trust: 0.8
title:HT209605url:https://support.apple.com/en-us/HT209605
Trust: 0.8
title:HT209604url:https://support.apple.com/ja-jp/HT209604
Trust: 0.8
title:HT209605url:https://support.apple.com/ja-jp/HT209605
Trust: 0.8
title:HT209599url:https://support.apple.com/ja-jp/HT209599
Trust: 0.8
title:HT209602url:https://support.apple.com/ja-jp/HT209602
Trust: 0.8
title:HT209603url:https://support.apple.com/ja-jp/HT209603
Trust: 0.8
title:Multiple  Apple Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131780
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-015881 // 
            
            
            
            CNNVD: CNNVD-202010-1502

EXTERNAL IDS
db:NVDid:CVE-2019-8639
Trust: 2.6
db:JVNid:JVNVU93236010
Trust: 0.8
db:JVNDBid:JVNDB-2019-015881
Trust: 0.8
db:CNNVDid:CNNVD-202010-1502
Trust: 0.7
db:CNVDid:CNVD-2020-61926
Trust: 0.1
db:VULHUBid:VHN-160074
Trust: 0.1
db:VULMONid:CVE-2019-8639
Trust: 0.1
sources:
            
            
            VULHUB: VHN-160074 // 
            
            
            
            VULMON: CVE-2019-8639 // 
            
            
            
            JVNDB: JVNDB-2019-015881 // 
            
            
            
            CNNVD: CNNVD-202010-1502 // 
            
            
            
            NVD: CVE-2019-8639

REFERENCES
url:https://support.apple.com/en-us/ht209599
Trust: 1.8
url:https://support.apple.com/en-us/ht209602
Trust: 1.8
url:https://support.apple.com/en-us/ht209603
Trust: 1.8
url:https://support.apple.com/en-us/ht209604
Trust: 1.8
url:https://support.apple.com/en-us/ht209605
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8639
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8639
Trust: 0.8
url:http://jvn.jp/vu/jvnvu93236010/index.html
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-160074 // 
            
            
            
            VULMON: CVE-2019-8639 // 
            
            
            
            JVNDB: JVNDB-2019-015881 // 
            
            
            
            CNNVD: CNNVD-202010-1502 // 
            
            
            
            NVD: CVE-2019-8639

SOURCES
db:VULHUBid:VHN-160074
db:VULMONid:CVE-2019-8639
db:JVNDBid:JVNDB-2019-015881
db:CNNVDid:CNNVD-202010-1502
db:NVDid:CVE-2019-8639

LAST UPDATE DATE
2024-08-14T12:42:59.235000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-160074date:2020-10-28T00:00:00
db:VULMONid:CVE-2019-8639date:2020-10-28T00:00:00
db:JVNDBid:JVNDB-2019-015881date:2021-01-28T05:11:43
db:CNNVDid:CNNVD-202010-1502date:2021-08-16T00:00:00
db:NVDid:CVE-2019-8639date:2021-07-21T11:39:23.747

SOURCES RELEASE DATE
db:VULHUBid:VHN-160074date:2020-10-27T00:00:00
db:VULMONid:CVE-2019-8639date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2019-015881date:2021-01-28T05:11:43
db:CNNVDid:CNNVD-202010-1502date:2020-10-27T00:00:00
db:NVDid:CVE-2019-8639date:2020-10-27T20:15:16.500