CVE-2016-4587 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple IOS

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.7%

top 27.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS Apple Tvos

Timeline

PublishedJul 22

Latest updateMay 14

Description

WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶Appleapple/tvos9.2.2

▶Appleapple/ios9.3.3

🔴Vulnerability Details

GHSA

GHSA-gjrm-vggc-2v8g: WebKit in Apple iOS before 9↗2022-05-14

▶

OSV

CVE-2016-4587: WebKit in Apple iOS before 9↗2016-07-22

▶

📋Vendor Advisories

Apple

CVE-2016-4587: iOS 9.3.3↗2016-07-18

▶

Apple

CVE-2016-4587: tvOS 9.2.2↗2016-07-18

▶

💬Community

Bugzilla

CVE-2016-10744 select2: XSS due to missing sanitization when HTML templates are used to display remotely-loaded data.↗2019-03-27

▶