CVE-2013-1011 — Out-of-bounds Write in Apple Itunes

CWE-3993 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.8%

top 26.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Itunes

Timeline

PublishedMay 20

Latest updateMay 14

Description

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDapple/itunes11.0.2+78

🔴Vulnerability Details

GHSA

GHSA-8xc2-rv49-c3h6: WebKit, as used in Apple iTunes before 11↗2022-05-14

▶

OSV

CVE-2013-1011: WebKit, as used in Apple iTunes before 11↗2013-05-20

▶