Vulnerabilities > CVE-2018-4441 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
id EDB-ID:46072 last seen 2019-01-02 modified 2019-01-02 published 2019-01-02 reporter Exploit-DB source https://www.exploit-db.com/download/46072 title WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write id EDB-ID:46522 last seen 2019-03-11 modified 2019-03-08 published 2019-03-08 reporter Exploit-DB source https://www.exploit-db.com/download/46522 title Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-108.NASL description This update for webkit2gtk3 to version 2.22.5 fixes the following issues : Security issues fixed : - CVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554) - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464: Fixed multiple memory corruption issues with improved memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558) This update was imported from the SUSE:SLE-12-SP2:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 121538 published 2019-02-01 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121538 title openSUSE Security Update : webkit2gtk3 (openSUSE-2019-108) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-108. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(121538); script_version("1.3"); script_cvs_date("Date: 2019/04/30 14:30:16"); script_cve_id("CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464"); script_name(english:"openSUSE Security Update : webkit2gtk3 (openSUSE-2019-108)"); script_summary(english:"Check for the openSUSE-2019-108 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for webkit2gtk3 to version 2.22.5 fixes the following issues : Security issues fixed : - CVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554) - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464: Fixed multiple memory corruption issues with improved memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558) This update was imported from the SUSE:SLE-12-SP2:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119553" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119554" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119555" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119556" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119557" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119558" ); script_set_attribute( attribute:"solution", value:"Update the affected webkit2gtk3 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit-jsc-4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit2gtk3-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.3", reference:"libjavascriptcoregtk-4_0-18-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libwebkit2gtk-4_0-37-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libwebkit2gtk-4_0-37-debuginfo-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libwebkit2gtk3-lang-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"typelib-1_0-JavaScriptCore-4_0-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"typelib-1_0-WebKit2-4_0-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"typelib-1_0-WebKit2WebExtension-4_0-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"webkit-jsc-4-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"webkit-jsc-4-debuginfo-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"webkit2gtk-4_0-injected-bundles-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"webkit2gtk3-debugsource-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"webkit2gtk3-devel-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"webkit2gtk3-minibrowser-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"webkit2gtk3-minibrowser-debuginfo-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"webkit2gtk3-plugin-process-gtk2-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"webkit2gtk3-plugin-process-gtk2-debuginfo-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libjavascriptcoregtk-4_0-18-32bit-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libjavascriptcoregtk-4_0-18-debuginfo-32bit-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libwebkit2gtk-4_0-37-32bit-2.22.5-18.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libwebkit2gtk-4_0-37-debuginfo-32bit-2.22.5-18.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc"); }NASL family Windows NASL id ITUNES_12_9_2.NASL description The version of Apple iTunes installed on the remote Windows host is prior to 12.9.2. It is, therefore, affected by multiple vulnerabilities as referenced in the HT209345 advisory. - Visiting a malicious website may lead to address bar spoofing (CVE-2018-4440) - Visiting a malicious website may lead to user interface spoofing (CVE-2018-4439) - Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2018-4437, CVE-2018-4464) - Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2018-4441, CVE-2018-4442, CVE-2018-4443) - Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2018-4438) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 119767 published 2018-12-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119767 title Apple iTunes < 12.9.2 Multiple Vulnerabilities (credentialed check) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0092-1.NASL description This update for webkit2gtk3 to version 2.22.5 fixes the following issues : Security issues fixed : CVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392, CVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998, bsc#1110279) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 121206 published 2019-01-16 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121206 title SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:0092-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-81.NASL description This update for webkit2gtk3 to version 2.22.5 fixes the following issues : Security issues fixed : - CVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392, CVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998, bsc#1110279) This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 121339 published 2019-01-24 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121339 title openSUSE Security Update : webkit2gtk3 (openSUSE-2019-81) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-308.NASL description This update for webkit2gtk3 to version 2.22.6 fixes the following issues (boo#1124937 boo#1119558) : Security vulnerabilities fixed : - CVE-2018-4437: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119553) - CVE-2018-4438: Processing maliciously crafted web content may lead to arbitrary code execution. A logic issue existed resulting in memory corruption. This was addressed with improved state management. (boo#1119554) - CVE-2018-4441: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119555) - CVE-2018-4442: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119556) - CVE-2018-4443: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119557) - CVE-2018-4464: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119558) - CVE-2019-6212: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. - CVE-2019-6215: Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion issue was addressed with improved memory handling. - CVE-2019-6216: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. - CVE-2019-6217: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. - CVE-2019-6226: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. - CVE-2019-6227: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. - CVE-2019-6229: Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue was addressed with improved validation. - CVE-2019-6233: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. - CVE-2019-6234: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. Other bug fixes and changes : - Make kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour. - Fix Web inspector magnifier under Wayland. - Fix garbled rendering of some websites (e.g. YouTube) while scrolling under X11. - Fix several crashes, race conditions, and rendering issues. For a detailed list of changes, please refer to : - https://webkitgtk.org/security/WSA-2019-0001.html - https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html - https://webkitgtk.org/security/WSA-2018-0009.html - https://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 122744 published 2019-03-11 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122744 title openSUSE Security Update : webkit2gtk3 (openSUSE-2019-308) NASL family MacOS X Local Security Checks NASL id MACOSX_SAFARI12_0_2.NASL description The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 12.0.2. It is, therefore, affected by the following vulnerabilities : - Input-validation errors exist that allow memory corruption leading to arbitrary code execution. (CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464) Note that other flaws exist that allow information disclosure and address bar spoofing. last seen 2020-06-01 modified 2020-06-02 plugin id 119498 published 2018-12-07 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119498 title macOS : Apple Safari < 12.0.2 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0497-1.NASL description This update for webkit2gtk3 to version 2.22.6 fixes the following issues (boo#1124937 boo#1119558) : Security vulnerabilities fixed : CVE-2018-4437: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119553) CVE-2018-4438: Processing maliciously crafted web content may lead to arbitrary code execution. A logic issue existed resulting in memory corruption. This was addressed with improved state management. (boo#1119554) CVE-2018-4441: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119555) CVE-2018-4442: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119556) CVE-2018-4443: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119557) CVE-2018-4464: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119558) CVE-2019-6212: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6215: Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion issue was addressed with improved memory handling. CVE-2019-6216: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6217: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6226: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6227: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. CVE-2019-6229: Processing maliciously crafted web content may lead to universal cross-site scripting. A logic issue was addressed with improved validation. CVE-2019-6233: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. CVE-2019-6234: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. Other bug fixes and changes: Make kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour. Fix Web inspector magnifier under Wayland. Fix garbled rendering of some websites (e.g. YouTube) while scrolling under X11. Fix several crashes, race conditions, and rendering issues. For a detailed list of changes, please refer to: https://webkitgtk.org/security/WSA-2019-0001.html https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html https://webkitgtk.org/security/WSA-2018-0009.html https://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122474 published 2019-02-27 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122474 title SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:0497-1) NASL family Misc. NASL id APPLETV_12_1_1.NASL description According to its banner, the version of Apple TV on the remote device is prior to 12.1.1. It is, therefore, affected by multiple vulnerabilities as described in the HT209342 security advisory: - Multiple elevation of privilege vulnerabilities exist due to improper memory handling. An application can exploit this to gain elevated privileges. (CVE-2018-4303, CVE-2018-4435) - Multiple unspecified command execution vulnerabilities exist that allow an attacker to execute arbitrary commands, sometimes with kernel privileges. (CVE-2018-4427, CVE-2018-4437, CVE-2018-4438, CVE-2018-4447, CVE-2018-4461, CVE-2018-4464, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443) - An unspecified denial of service (DoS) vulnerability exists in the Kernel that allows an an attacker in a privileged position to perform a denial of service attack. (CVE-2018-4460) Additionally, the version of Apple TV is also affected by several additional vulnerabilities including cross-site scripting (XSS) and an information disclosure vulnerability. Note that only 4th generation devices are affected by these vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 119839 published 2018-12-21 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119839 title Apple TV < 12.1.1 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0146-1.NASL description This update for webkit2gtk3 to version 2.22.5 fixes the following issues : Security issues fixed : CVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554) CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464: Fixed multiple memory corruption issues with improved memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 121343 published 2019-01-24 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121343 title SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:0146-1)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/150935/GS20181228215646.txt |
| id | PACKETSTORM:150935 |
| last seen | 2018-12-29 |
| published | 2018-12-27 |
| reporter | Google Security Research |
| source | https://packetstormsecurity.com/files/150935/WebKit-JSC-JSArray-shiftCountWithArrayStorage-Out-Of-Band-Read-Write.html |
| title | WebKit JSC JSArray::shiftCountWithArrayStorage Out-Of-Band Read / Write |