CVE-2018-4429Improper Input Validation in Apple Watchos

CWE-20Improper Input Validation5 documents4 sources
Severity
6.5MEDIUMNVD
OSV5.9
EPSS
0.2%
top 55.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple Iphone OSApple WatchosLibtirpc Project Libtirpc+1 more
Timeline
PublishedApr 3
Latest updateMay 14

Description

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, watchOS 5.1.2.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

NVDapple/watchos< 5.1.2
Appleapple/watchos5.1.2
NVDapple/iphone_os< 12.1.1
Ubuntulibtirpc_project/libtirpc< 0.2.2-5ubuntu2.1+2
Appleapple/ios12.1.1

🔴Vulnerability Details

2
GHSA
GHSA-v2p2-x547-vr26: A spoofing issue existed in the handling of URLs2022-05-14
OSV
libtirpc vulnerabilities2018-09-05

📋Vendor Advisories

2
Apple
CVE-2018-4429: watchOS 5.1.22018-12-06
Apple
CVE-2018-4429: iOS 12.1.12018-12-05