CVE-2019-8800 — Out-of-bounds Write in Apple Xcode

CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399 CWE-22 — Path Traversal CWE-352 — Cross-Site Request Forgery CWE-284 — Improper Access Control CWE-476 — NULL Pointer Dereference CWE-79 — Cross-site Scripting CWE-20 — Improper Input Validation13 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 42.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Xcode

Timeline

PublishedDec 18

Latest updateMay 24

Description

A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5apple/xcodeunspecified — Xcode 11.2

▶NVDapple/xcode< 11.2

🔴Vulnerability Details

GHSA

GHSA-vrf5-f827-8842: A memory corruption issue was addressed with improved validation↗2022-05-24

▶

CVEList

CVE-2019-8800: A memory corruption issue was addressed with improved validation↗2019-12-18

▶

📋Vendor Advisories

Cisco

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability↗2020-01-08

▶

Apple

CVE-2019-8800: Xcode 11.2↗2019-10-31

▶

Cisco

Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability↗2019-07-03

▶

Cisco

Cisco IP Phone 7800 Series and 8800 Series Session Initiation Protocol XML Denial of Service Vulnerability↗2019-05-01

▶

Cisco

Cisco IP Phone 8800 Series Path Traversal Vulnerability↗2019-03-20

▶