CVE-2018-4302

A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.

CVSS v3 7.8 HIGH
CVSS v2.0 6.8 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://support.apple.com/en-us/HT208112	Vendor Advisory
https://support.apple.com/en-us/HT208115	Vendor Advisory
https://support.apple.com/en-us/HT208141	Vendor Advisory
https://support.apple.com/en-us/HT208142	Vendor Advisory
https://support.apple.com/en-us/HT208144	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:icloud::::::windows::*
	cpe:2.3:a:apple:itunes::::::windows::*
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:watchos::::::::

History

No history.

Information

Published : 2021-12-23 20:15

Updated : 2024-02-28 18:48

NVD link : CVE-2018-4302

Mitre link : CVE-2018-4302

CVE.ORG link : CVE-2018-4302

JSON object : View

Products Affected

apple

mac_os_x
icloud
watchos
itunes
iphone_os

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2018-4302", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2021-12-23T20:15:08.577", "references": [{"url": "https://support.apple.com/en-us/HT208112", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT208115", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT208141", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT208142", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT208144", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution."}, {"lang": "es", "value": "Se abord\u00f3 una desreferencia de puntero null con una comprobaci\u00f3n mejorada. Este problema es corregido en macOS High Sierra versi\u00f3n 10.13, iCloud para Windows versi\u00f3n 7.0, watchOS versi\u00f3n 4, iOS versi\u00f3n 11, iTunes versi\u00f3n 12.7 para Windows. El procesamiento de XML dise\u00f1ado de forma maliciosa puede conllevar a una finalizaci\u00f3n no esperada de la aplicaci\u00f3n o una ejecuci\u00f3n de c\u00f3digo arbitrario"}], "lastModified": "2022-01-05T20:04:49.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "0F26E44D-D557-4338-885D-6ACD185C1D13", "versionEndIncluding": "7.0"}, {"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "63A802C3-5EE0-477F-B263-D6393F4B9631", "versionEndExcluding": "12.7"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F72F611A-26E5-4CC7-888E-96AD158D7C68", "versionEndExcluding": "11"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "089EFF21-6A9B-40E4-9154-44174E26D5B5", "versionEndExcluding": "10.13"}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49790D15-2446-4138-B1FA-6C806587C5A1", "versionEndExcluding": "4"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}