CVE-2019-8744 — Out-of-bounds Write in Apple Macos

CWE-787 — Out-of-bounds Write8 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 45.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS Apple Macos Apple Tvos +3 more

Timeline

PublishedOct 27

Latest updateMay 24

Description

A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious application may be able to determine kernel memory layout.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

▶CVEListV5apple/macosunspecified — 10.15

▶NVDapple/mac_os_x< 10.15

▶CVEListV5apple/tvosunspecified — 13

▶NVDapple/tvos< 13

▶CVEListV5apple/watchosunspecified — 6

🔴Vulnerability Details

GHSA

GHSA-mcp5-8xm2-27j2: A memory corruption issue existed in the handling of IPv6 packets↗2022-05-24

▶

CVEList

CVE-2019-8744: A memory corruption issue existed in the handling of IPv6 packets↗2020-10-27

▶

📋Vendor Advisories

Apple

CVE-2019-8744: macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006↗2019-10-29

▶

Apple

CVE-2019-8744: macOS Catalina 10.15↗2019-10-07

▶

Apple

CVE-2019-8744: tvOS 13↗2019-09-24

▶

Apple

CVE-2019-8744: iOS 13↗2019-09-19

▶

Apple

CVE-2019-8744: watchOS 6↗2019-09-19

▶