CVE-2019-8815

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS v3 8.8 HIGH
CVSS v2.0 9.3 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://security.gentoo.org/glsa/202003-22	Third Party Advisory
https://support.apple.com/HT210721	Vendor Advisory
https://support.apple.com/HT210723	Vendor Advisory
https://support.apple.com/HT210725	Vendor Advisory
https://support.apple.com/HT210726	Vendor Advisory
https://support.apple.com/HT210727	Vendor Advisory
https://support.apple.com/HT210728	Vendor Advisory
https://security.gentoo.org/glsa/202003-22	Third Party Advisory
https://support.apple.com/HT210721	Vendor Advisory
https://support.apple.com/HT210723	Vendor Advisory
https://support.apple.com/HT210725	Vendor Advisory
https://support.apple.com/HT210726	Vendor Advisory
https://support.apple.com/HT210727	Vendor Advisory
https://support.apple.com/HT210728	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:icloud::::::windows::*
	cpe:2.3:a:apple:icloud::::::windows::*
	cpe:2.3:a:apple:itunes::::::windows::*
	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:tvos::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

History

21 Nov 2024, 04:50

Type	Values Removed	Values Added
References	~~() https://security.gentoo.org/glsa/202003-22 - Third Party Advisory~~	() https://security.gentoo.org/glsa/202003-22 - Third Party Advisory
References	~~() https://support.apple.com/HT210721 - Vendor Advisory~~	() https://support.apple.com/HT210721 - Vendor Advisory
References	~~() https://support.apple.com/HT210723 - Vendor Advisory~~	() https://support.apple.com/HT210723 - Vendor Advisory
References	~~() https://support.apple.com/HT210725 - Vendor Advisory~~	() https://support.apple.com/HT210725 - Vendor Advisory
References	~~() https://support.apple.com/HT210726 - Vendor Advisory~~	() https://support.apple.com/HT210726 - Vendor Advisory
References	~~() https://support.apple.com/HT210727 - Vendor Advisory~~	() https://support.apple.com/HT210727 - Vendor Advisory
References	~~() https://support.apple.com/HT210728 - Vendor Advisory~~	() https://support.apple.com/HT210728 - Vendor Advisory

Information

Published : 2019-12-18 18:15

Updated : 2024-11-21 04:50

NVD link : CVE-2019-8815

Mitre link : CVE-2019-8815

CVE.ORG link : CVE-2019-8815

JSON object : View

Products Affected

apple

iphone_os
safari
tvos
ipados
icloud
itunes

redhat

enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2019-8815", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-12-18T18:15:44.100", "references": [{"url": "https://security.gentoo.org/glsa/202003-22", "tags": ["Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT210721", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT210723", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT210725", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT210726", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT210727", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT210728", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://security.gentoo.org/glsa/202003-22", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/HT210721", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/HT210723", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/HT210725", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/HT210726", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/HT210727", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/HT210728", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."}, {"lang": "es", "value": "M\u00faltiples problemas de corrupci\u00f3n de memoria fueron abordados mejorando el manejo de la memoria. Este problema es corregido en iOS versi\u00f3n 13.2 y iPadOS versi\u00f3n 13.2, tvOS versi\u00f3n 13.2, Safari versi\u00f3n 13.0.3, iTunes para Windows versi\u00f3n 12.10.2, iCloud para Windows versi\u00f3n 11.0, iCloud para Windows versi\u00f3n 7.15. El procesamiento de contenido web dise\u00f1ado maliciosamente puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario."}], "lastModified": "2024-11-21T04:50:31.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "B730AB98-7AF7-4F18-BEB4-AEE484D2586B", "versionEndExcluding": "7.15"}, {"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "40795999-C39E-4D39-A734-70EDCF0D11A7", "versionEndIncluding": "10.4", "versionStartIncluding": "10.0"}, {"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "4A70FE53-CD3F-4296-B209-64C6F24CE3A7", "versionEndExcluding": "12.10.2"}, {"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DD4F307-7772-4B9B-8C77-E445EA39ADB8", "versionEndExcluding": "13.0.3"}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD59FD8B-5C11-469A-91E8-B3EB904AB1EF", "versionEndExcluding": "13.2"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13864229-C006-4C72-AAE3-90F009375CA5", "versionEndExcluding": "13.2"}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A03A6988-48E4-4108-9A9B-8671BFF4C3A5", "versionEndExcluding": "13.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}

8.8 /10