CVE-2019-8790

CWE-9224 documents4 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 77.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Swift FOR UbuntuApple Swift
Timeline
PublishedOct 27
Latest updateMay 24

Description

This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5apple/swift_for_ubuntuunspecified5.1
NVDapple/swift< 5.1.1

🔴Vulnerability Details

2
GHSA
GHSA-5v59-m956-6fv5: This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 52022-05-24
CVEList
CVE-2019-8790: This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 52020-10-27

📋Vendor Advisories

1
Apple
CVE-2019-8790: Swift 5.1.1 for Ubuntu2019-10-11
CVE-2019-8790 (MEDIUM CVSS 5.5) | This issue was addresses by updatin | cvebase.io