#VU48062 Buffer overflow - CVE-2019-8835


| Updated: 2020-11-01

Vulnerability identifier: #VU48062

Vulnerability risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-8835

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.

Mitigation
Install update from vendor's website.

External links
https://support.apple.com/en-us/HT210785
https://support.apple.com/en-us/HT210790
https://support.apple.com/en-us/HT210792
https://support.apple.com/en-us/HT210793
https://support.apple.com/en-us/HT210794
https://support.apple.com/en-us/HT210795

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Red Hat Service Telemetry Framework
Multiple vulnerabilities in Red Hat Quay
Multiple vulnerabilities in Red Hat OpenShift Container Storage
Red Hat Enterprise Linux 8 update for GNOME
Gentoo update for WebkitGTK+
Arch Linux update for webkit2gtk
Buffer overflow in webkit2gtk (Alpine package)
Debian update for webkit2gtk
Fedora 31 update for webkit2gtk3
Fedora 30 update for webkit2gtk3