CVE-2019-8774Improper Input Validation in Apple IOS AND Ipados

CWE-20Improper Input ValidationCWE-400Uncontrolled Resource Consumption5 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 65.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple IOS AND IpadosApple MacosApple Ipad OS+2 more
Timeline
PublishedOct 27
Latest updateMay 24

Description

A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

CVEListV5apple/macosunspecified10.15
NVDapple/ipad_os< 13.1
NVDapple/mac_os_x< 10.15
CVEListV5apple/ios_and_ipadosunspecified13.1
NVDapple/iphone_os< 13.1

🔴Vulnerability Details

2
GHSA
GHSA-rgmg-8w65-pm2j: A resource exhaustion issue was addressed with improved input validation2022-05-24
CVEList
CVE-2019-8774: A resource exhaustion issue was addressed with improved input validation2020-10-27

📋Vendor Advisories

2
Apple
CVE-2019-8774: macOS Catalina 10.152019-10-07
Apple
CVE-2019-8774: iOS 13.1 and iPadOS 13.12019-09-24
CVE-2019-8774 — Improper Input Validation in Apple | cvebase