CVE-2016-4611 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer18 documents4 sources
Severity
9.6CRITICALNVD
NVD8.8NVD7.8OSV8.8
EPSS
0.9%
top 24.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 25
Latest updateMay 14
Description
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages6 packages
🔴Vulnerability Details
10GHSA▶
GHSA-v5fw-32vg-j8r3: WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (me↗2022-05-14
GHSA▶
GHSA-gqwf-q979-52qv: WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (me↗2022-05-14
GHSA▶
GHSA-32jw-9c3r-w82w: WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (me↗2022-05-14
GHSA▶
GHSA-m3qj-cmv8-86m5: WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (me↗2022-05-14
GHSA▶
GHSA-7rm5-v6ff-v74r: WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (me↗2022-05-14