CVE-2019-8756

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://support.apple.com/en-us/HT210604	Vendor Advisory
https://support.apple.com/en-us/HT210606	Vendor Advisory
https://support.apple.com/en-us/HT210607	Vendor Advisory
https://support.apple.com/en-us/HT210634	Vendor Advisory
https://support.apple.com/en-us/HT210635	Vendor Advisory
https://support.apple.com/en-us/HT210636	Vendor Advisory
https://support.apple.com/en-us/HT210637	Vendor Advisory
https://support.apple.com/en-us/HT210722	Vendor Advisory
https://support.apple.com/en-us/HT210604	Vendor Advisory
https://support.apple.com/en-us/HT210606	Vendor Advisory
https://support.apple.com/en-us/HT210607	Vendor Advisory
https://support.apple.com/en-us/HT210634	Vendor Advisory
https://support.apple.com/en-us/HT210635	Vendor Advisory
https://support.apple.com/en-us/HT210636	Vendor Advisory
https://support.apple.com/en-us/HT210637	Vendor Advisory
https://support.apple.com/en-us/HT210722	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:icloud::::::windows::*
	cpe:2.3:a:apple:icloud::::::windows::*
	cpe:2.3:a:apple:itunes::::::windows::*
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

21 Nov 2024, 04:50

Type	Values Removed	Values Added
References	~~() https://support.apple.com/en-us/HT210604 - Vendor Advisory~~	() https://support.apple.com/en-us/HT210604 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT210606 - Vendor Advisory~~	() https://support.apple.com/en-us/HT210606 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT210607 - Vendor Advisory~~	() https://support.apple.com/en-us/HT210607 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT210634 - Vendor Advisory~~	() https://support.apple.com/en-us/HT210634 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT210635 - Vendor Advisory~~	() https://support.apple.com/en-us/HT210635 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT210636 - Vendor Advisory~~	() https://support.apple.com/en-us/HT210636 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT210637 - Vendor Advisory~~	() https://support.apple.com/en-us/HT210637 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT210722 - Vendor Advisory~~	() https://support.apple.com/en-us/HT210722 - Vendor Advisory

Information

Published : 2020-10-27 20:15

Updated : 2024-11-21 04:50

NVD link : CVE-2019-8756

Mitre link : CVE-2019-8756

CVE.ORG link : CVE-2019-8756

JSON object : View

Products Affected

apple

watchos
mac_os_x
icloud
itunes
tvos

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2019-8756", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-10-27T20:15:18.860", "references": [{"url": "https://support.apple.com/en-us/HT210604", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT210606", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT210607", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT210634", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT210635", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT210636", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT210637", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT210722", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT210604", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT210606", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT210607", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT210634", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT210635", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT210636", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT210637", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT210722", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2."}, {"lang": "es", "value": "Se abord\u00f3 m\u00faltiples problemas de corrupci\u00f3n de la memoria con una comprobaci\u00f3n de entrada mejorada. Este problema se corrigi\u00f3 en macOS Catalina versi\u00f3n 10.15, iOS versi\u00f3n 13, iCloud para Windows versi\u00f3n 7.14, iCloud para Windows versi\u00f3n 10.7, tvOS versi\u00f3n 13, macOS Catalina versi\u00f3n 10.15.1, Security Update 2019-001 y Security Update 2019-006, watchOS versi\u00f3n 6, iTunes versi\u00f3n 12.10. 1 para Windows. M\u00faltiples problemas en libxml2"}], "lastModified": "2024-11-21T04:50:25.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "CD51BEFE-B28D-412A-996D-ADA104E4EC17", "versionEndExcluding": "7.14"}, {"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "3AB3D55F-1566-4705-98C9-6D56F8F156F0", "versionEndExcluding": "10.7", "versionStartIncluding": "10.0"}, {"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "397F21E9-3B36-49AE-92E3-B5B1FC7773D1", "versionEndExcluding": "12.10.1"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E28B89FF-E2E1-498A-AF43-C8DE5DA352CD", "versionEndExcluding": "10.15"}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6FCD7CE-EC26-4952-A34D-2221AA4F223B", "versionEndExcluding": "13"}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70F86075-2932-4E94-B7B2-7DF51A51B179", "versionEndExcluding": "6.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}

9.8 /10