CVE-2019-8662

Опубликовано: 18 дек. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.

Ссылки

https://support.apple.com/HT210346
Vendor Advisory
https://support.apple.com/HT210348
Vendor Advisory
https://support.apple.com/HT210351
Vendor Advisory
https://support.apple.com/HT210353
Vendor Advisory
https://support.apple.com/HT210346
Vendor Advisory
https://support.apple.com/HT210348
Vendor Advisory
https://support.apple.com/HT210351
Vendor Advisory
https://support.apple.com/HT210353
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 12.4 (исключая)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Версия до 10.14.6 (исключая)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Версия до 12.4 (исключая)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Версия до 5.3 (исключая)

EPSS

Процентиль: 94%

0.14427

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-416

Связанные уязвимости

GHSA-v448-6mjx-mr34

github

больше 3 лет назад