CVE-2019-8830

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing malicious video via FaceTime may lead to arbitrary code execution.

CVSS v3 8.8 HIGH
CVSS v2.0 9.3 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://support.apple.com/en-us/HT210785	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT210787	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT210788	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT210789	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT210790	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT210791	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

No history.

Information

Published : 2020-10-27 20:15

Updated : 2024-02-28 18:08

NVD link : CVE-2019-8830

Mitre link : CVE-2019-8830

CVE.ORG link : CVE-2019-8830

JSON object : View

Products Affected

apple

mac_os_x
watchos
iphone_os
ipados
tvos

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2019-8830", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-10-27T20:15:20.297", "references": [{"url": "https://support.apple.com/en-us/HT210785", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT210787", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT210788", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT210789", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT210790", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT210791", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing malicious video via FaceTime may lead to arbitrary code execution."}, {"lang": "es", "value": "Se abord\u00f3 una lectura fuera de l\u00edmites con una comprobaci\u00f3n de entrada mejorada. Este problema se corrigi\u00f3 en tvOS versi\u00f3n 13.3, watchOS versi\u00f3n 6.1.1, macOS Catalina versi\u00f3n 10.15.2, Security Update 2019-002 Mojave y Security Update 2019-007 High Sierra, iOS versi\u00f3n 13.3 y iPadOS versi\u00f3n 13.3, iOS versi\u00f3n 12.4.4, watchOS versi\u00f3n 5.3.4 . El procesamiento de videos maliciosos por medio de FaceTime puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria"}], "lastModified": "2020-10-30T01:33:21.737", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A02B4418-82F4-4A23-8F4C-3C03C5522FED", "versionEndExcluding": "13.3"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDAD0B76-9EF7-4CCF-8CDD-6CF7355D0767", "versionEndExcluding": "13.3"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DFB3138-3528-49CA-B96F-C248593BB52B", "versionEndExcluding": "12.4.4", "versionStartIncluding": "12.0.0"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F15588EA-D854-4694-97C6-53D9AA8B6F2D", "versionEndExcluding": "10.15.2"}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31FE522C-5C52-408C-8E46-A3479BF78463", "versionEndExcluding": "13.3"}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "132D6ACC-C9E7-4F65-9031-E8B04BC12249", "versionEndExcluding": "5.3.4"}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAECF491-D83D-428D-8A8B-00BA3B5B5E76", "versionEndExcluding": "6.1.1", "versionStartIncluding": "6.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}