CVE-2019-6235

CWE-787 — Out-of-bounds Write8 documents4 sources

Severity

10.0CRITICAL

EPSS

0.8%

top 26.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS Apple Itunes FOR Windows Apple Macos +7 more

Timeline

PublishedMar 4

Latest updateMay 13

Description

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3, iTunes 12.9.3 for Windows. A sandboxed process may be able to circumvent sandbox restrictions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages10 packages

▶CVEListV5apple/itunes_for_windowsunspecified — iTunes 12.9.3 for Windows

▶CVEListV5apple/tvosunspecified — tvOS 12.1.2

▶CVEListV5apple/macosunspecified — macOS Mojave 10.14.3

▶NVDapple/tv_os< 12.1.2

▶NVDapple/itunes< 12.9.3

🔴Vulnerability Details

GHSA

GHSA-2v8p-g986-x5qc: A memory corruption issue was addressed with improved validation↗2022-05-13

▶

CVEList

CVE-2019-6235: A memory corruption issue was addressed with improved validation↗2019-03-04

▶

📋Vendor Advisories

Apple

CVE-2019-6235: iTunes 12.9.3 for Windows↗2019-01-24

▶

Apple

CVE-2019-6235: macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra↗2019-01-22

▶

Apple

CVE-2019-6235: iOS 12.1.3↗2019-01-22

▶

Apple

CVE-2019-6235: watchOS 5.1.3↗2019-01-22

▶

Apple

CVE-2019-6235: tvOS 12.1.2↗2019-01-22

▶