CVE-2019-8562 — Out-of-bounds Write in Apple Itunes FOR Windows

CWE-787 — Out-of-bounds Write CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition9 documents6 sources

Severity

9.6CRITICALNVD

GHSA6.3

EPSS

0.5%

top 35.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS Apple Itunes FOR Windows Apple Safari +3 more

Timeline

PublishedDec 18

Latest updateMay 24

Description

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows. A sandboxed process may be able to circumvent sandbox restrictions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages8 packages

▶CVEListV5apple/itunes_for_windowsunspecified — iTunes 12.9.4 for Windows

▶CVEListV5apple/tvosunspecified — tvOS 12.2

▶NVDapple/tvos< 12.2

▶CVEListV5apple/safariunspecified — Safari 12.1

▶NVDapple/itunes< 12.9.4

🔴Vulnerability Details

GHSA

GHSA-5qc4-qvx4-264m: A memory corruption issue was addressed with improved validation↗2022-05-24

▶

GHSA

Potential proxy IP restriction bypass in Kubernetes↗2022-02-02

▶

CVEList

CVE-2019-8562: A memory corruption issue was addressed with improved validation↗2019-12-18

▶

📋Vendor Advisories

Red Hat

kubernetes: Bypass of Kubernetes API Server proxy TOCTOU↗2021-05-04

▶

Apple

CVE-2019-8562: iTunes 12.9.4 for Windows↗2019-03-25

▶

Apple

CVE-2019-8562: Safari 12.1↗2019-03-25

▶

Apple

CVE-2019-8562: tvOS 12.2↗2019-03-25

▶

Apple

CVE-2019-8562: iOS 12.2↗2019-03-25

▶