8.8

CVE-2025-31277

Warnung
Medienbericht
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleSafari Version < 18.6
AppleiPadOS Version < 18.6
AppleiPhone OS Version < 18.6
ApplemacOS Version >= 15.0 < 15.6
AppletvOS Version < 18.6
ApplevisionOS Version < 2.6
ApplewatchOS Version < 11.6
WebkitgtkWebkitgtk Version < 2.50.0
WpewebkitWpe Webkit Version < 2.50.0
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Aus Version8.2
RedhatEnterprise Linux Aus Version8.4
RedhatEnterprise Linux Aus Version8.6
RedhatEnterprise Linux Els Version7.0
RedhatEnterprise Linux Eus Version8.4
RedhatEnterprise Linux Eus Version8.6
RedhatEnterprise Linux Eus Version9.4
RedhatEnterprise Linux Tus Version8.6
RedhatEnterprise Linux Tus Version8.8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login

20.03.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple Multiple Products Buffer Overflow Vulnerability

Schwachstelle

Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.48% 0.707
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
02.04.2026 00:04
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
23.03.2026 09:52
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
21.03.2026 10:07
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
19.03.2026 11:06
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
18.03.2026 15:20
https://support.apple.com/en-us/124147
Vendor Advisory
Release Notes
https://support.apple.com/en-us/124149
Vendor Advisory
Release Notes
https://support.apple.com/en-us/124153
Vendor Advisory
Release Notes
https://support.apple.com/en-us/124154
Vendor Advisory
Release Notes
https://support.apple.com/en-us/124155
Vendor Advisory
Release Notes
https://support.apple.com/en-us/124152
Vendor Advisory
Release Notes
http://seclists.org/fulldisclosure/2025/Aug/0
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2025/Jul/30
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2025/Jul/32
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2025/Jul/36
Third Party Advisory
Mailing List
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/
Technical Description
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277
US Government Resource
https://access.redhat.com/errata/RHSA-2025:17643
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:17741
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:17743
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:17802
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:17807
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:18097
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:19109
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:19157
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:19165
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:19352
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2025-31277
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2448780
Third Party Advisory
https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31277.json
Third Party Advisory