CVE-2018-4474

EPSS 0.86%
Published 27.10.2020 20:15:14
Last modified 21.11.2024 04:07:27
Source product-security@apple.com
Teams watchlist Login
Open Login

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ iCloud SwPlatformwindows Version < 7.7

Apple ≫ iTunes SwPlatformwindows Version < 12.9

Apple ≫ Safari Version < 12

Apple ≫ iPhone OS Version < 12.0

Apple ≫ tvOS Version < 12

Apple ≫ watchOS Version < 5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.86%	0.73

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://support.apple.com/en-us/HT209106

Vendor Advisory

https://support.apple.com/en-us/HT209107

Vendor Advisory

https://support.apple.com/en-us/HT209108

Vendor Advisory

https://support.apple.com/en-us/HT209109

Vendor Advisory

https://support.apple.com/en-us/HT209140

Vendor Advisory

https://support.apple.com/en-us/HT209141

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-4474

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-4474

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-4474

EUVD