CVE-2017-7157 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Icloud
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer17 documents8 sources
Severity
8.8HIGHNVD
EPSS
2.0%
top 16.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 27
Latest updateMay 14
Description
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages5 packages
🔴Vulnerability Details
3📋Vendor Advisories
7Red Hat▶
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution↗2017-12-13
💬Community
6Bugzilla▶
CVE-2017-7157 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution↗2017-12-20
Bugzilla▶
CVE-2017-13856 CVE-2017-13866 CVE-2017-13870 CVE-2017-7156 CVE-2017-7157 mingw-webkitgtk: various flaws [fedora-all]↗2017-12-20
Bugzilla▶
CVE-2017-13856 CVE-2017-13866 CVE-2017-13870 CVE-2017-7156 CVE-2017-7157 mingw-webkitgtk3: various flaws [fedora-all]↗2017-12-20
Bugzilla▶
CVE-2017-13856 CVE-2017-13866 CVE-2017-13870 CVE-2017-7156 CVE-2017-7157 webkitgtk: various flaws [epel-all]↗2017-12-20
Bugzilla▶
CVE-2017-13856 CVE-2017-13866 CVE-2017-13870 CVE-2017-7156 CVE-2017-7157 webkitgtk4: various flaws [fedora-all]↗2017-12-20