CVE-2016-4622Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer20 documents8 sources
Severity
8.8HIGHNVD
EPSS
68.8%
top 1.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple Iphone OSApple SafariApple Tvos+2 more
Timeline
PublishedJul 22
Latest updateMay 14

Description

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

NVDapple/tvos< 9.2.2
NVDapple/safari< 9.1.2
Appleapple/tvos9.2.2
Appleapple/safari9.1.2
NVDapple/iphone_os< 9.3.3

🔴Vulnerability Details

8
GHSA
GHSA-9ww3-4w88-358v: WebKit in Apple iOS before 92022-05-14
GHSA
GHSA-vvf3-m43m-fjm2: WebKit in Apple iOS before 92022-05-14
GHSA
GHSA-c6h7-f376-r28g: WebKit in Apple iOS before 92022-05-14
GHSA
GHSA-fcp9-3jj8-v7vp: WebKit in Apple iOS before 92022-05-14
OSV
CVE-2016-4622: WebKit in Apple iOS before 92016-07-22

📋Vendor Advisories

6
Ubuntu
WebKitGTK+ vulnerabilities2016-09-14
Apple
CVE-2016-4622: iOS 9.3.32016-07-18
Apple
CVE-2016-4622: Safari 9.1.22016-07-18
Apple
CVE-2016-4622: tvOS 9.2.22016-07-18
Debian
CVE-2016-4622: webkit2gtk - WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 all...2016

📄Research Papers

2
arXiv
SOK: On the Analysis of Web Browser Security2021-12-31
CTF
butterfree / readme2019