CVE-2014-4477Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.9%
top 24.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Apple Iphone OSApple ItunesApple Safari+4 more
Timeline
PublishedJan 30
Latest updateMay 14

Description

WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages8 packages

NVDapple/safari6.2.2+13
NVDapple/tvos7.0.1
NVDapple/itunes12.1
NVDapple/iphone_os8.1.2

Patches

Patch: lists.apple.comPatch: lists.apple.com

🔴Vulnerability Details

6
GHSA
GHSA-545x-vrvw-rwm2: WebKit, as used in Apple iOS before 82022-05-14
GHSA
GHSA-p8m7-vv5r-gvwq: WebKit, as used in Apple iOS before 82022-05-14
GHSA
GHSA-xj6f-7cvw-xj6h: WebKit, as used in Apple iOS before 82022-05-14
OSV
CVE-2014-4477: WebKit, as used in Apple iOS before 82015-01-30
OSV
CVE-2014-4476: WebKit, as used in Apple iOS before 82015-01-30

📋Vendor Advisories

4
Apple
CVE-2014-4477: Apple TV 7.0.3
Apple
CVE-2014-4477: iTunes 12.2
Apple
CVE-2014-4477: Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3
Apple
CVE-2014-4477: iOS 8.1.3
CVE-2014-4477 — Apple Iphone OS vulnerability | cvebase