7.8
CVE-2019-8602
- EPSS 10.26%
- Veröffentlicht 18.12.2019 18:15:28
- Zuletzt bearbeitet 21.11.2024 04:50:09
- Quelle product-security@apple.com
- CVE-Watchlists
- Unerledigt
A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to elevate privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.26% | 0.951 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://support.apple.com/HT210118
https://support.apple.com/HT210119
https://support.apple.com/HT210120
https://support.apple.com/HT210124
https://support.apple.com/HT210125
https://support.apple.com/HT210212
https://support.apple.com/HT210122
https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/