CVE-2019-8722 — Improper Input Validation in Apple Xcode

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.6%

top 30.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Xcode

Timeline

PublishedDec 18

Latest updateMay 24

Description

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5apple/xcodeunspecified — Xcode 11.0

▶NVDapple/xcode< 11.0

🔴Vulnerability Details

GHSA

GHSA-9jhp-mffm-h2q2: Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507↗2022-05-24

▶

CVEList

CVE-2019-8722: Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507↗2019-12-18

▶

📋Vendor Advisories

Apple

CVE-2019-8722: Xcode 11.0↗2019-09-20

▶