CVE-2018-4220

CWE-732Incorrect Permission Assignment4 documents4 sources
Severity
8.8HIGH
EPSS
0.4%
top 38.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Swift
Timeline
PublishedJun 8
Latest updateMay 13

Description

An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the "Swift for Ubuntu" component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are enabled during library loading.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDapple/swift< 4.1.1

🔴Vulnerability Details

2
GHSA
GHSA-x9v7-5j9h-jp2f: An issue was discovered in certain Apple products2022-05-13
CVEList
CVE-2018-4220: An issue was discovered in certain Apple products2018-06-08

📋Vendor Advisories

1
Apple
CVE-2018-4220: Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.042018-05-04