CVE-2009-0018 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple MAC OS X

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-704 — Incorrect Type Conversion or Cast CWE-754 — Improper Check for Unusual or Exceptional Conditions CWE-460 — Improper Cleanup on Thrown Exception CWE-476 — NULL Pointer Dereference CWE-835 — Infinite Loop CWE-628 — Function Call with Incorrectly Specified Arguments17 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.6%

top 31.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedFeb 13

Latest updateNov 12

Description

The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶NVDapple/mac_os_x_server10.4.11, 10.5.6+1

▶NVDapple/mac_os_x10.4.11, 10.5.6+1

▶Linuxlinux/linux_kernel6.7.0 — 6.12.53+2

🔴Vulnerability Details

OSV

iommu/vt-d: debugfs: Fix legacy mode page table dump logic↗2025-11-12

▶

OSV

btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure↗2025-10-22

▶

GHSA

GHSA-2xg8-j8mx-hw4m: The Remote Apple Events server in Apple Mac OS X 10↗2022-05-02

▶

CVEList

CVE-2009-0018: The Remote Apple Events server in Apple Mac OS X 10↗2009-02-13

▶

📋Vendor Advisories

Red Hat

kernel: iommu/vt-d: debugfs: Fix legacy mode page table dump logic↗2025-11-12

▶

Red Hat

kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0↗2025-06-18

▶

Red Hat

kernel: media: ts2020: fix null-ptr-deref in ts2020_probe()↗2024-12-27

▶

Red Hat

kernel: btrfs: do not BUG_ON in link_to_fixup_dir↗2024-03-25

▶

💬Community

Bugzilla

CVE-2009-1189 dbus: invalid fix for CVE-2008-3834↗2009-04-20

▶