Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2018-4218

Published: 08/06/2018 Updated: 03/10/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Tvos

Vulnerability Summary

An issue exists in certain Apple products. iOS prior to 11.4 is affected. Safari prior to 11.1.1 is affected. iCloud prior to 7.5 on Windows is affected. iTunes prior to 12.7.5 on Windows is affected. tvOS prior to 11.4 is affected. watchOS prior to 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple tvos

apple safari

apple iphone os

apple watchos

apple icloud

apple itunes

canonical ubuntu linux 17.10

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

Vendor Advisories

Ubuntu Security Notice: webkit2gtk vulnerabilities
Several security issues were fixed in WebKitGTK+ ...

Exploits

Exploit DB: WebKit - Use-After-Free when Resuming Generator
<!-- In WebKit, resuming a generator is implemented in JavaScript An internal object property, @generatorState is used to prevent recursion within generators In GeneratorPrototypejs, the state is checked by calling: var state = this@generatorState; and set by calling: generator@generatorState = @GeneratorStateExecuting; Checkin ...

References

CWE-416https://support.apple.com/HT208854https://support.apple.com/HT208853https://support.apple.com/HT208852https://support.apple.com/HT208851https://support.apple.com/HT208850https://support.apple.com/HT208848https://bugs.chromium.org/p/project-zero/issues/detail?id=1553http://www.securitytracker.com/id/1041029https://www.exploit-db.com/exploits/44861/https://usn.ubuntu.com/3687-1/https://security.gentoo.org/glsa/201808-04https://nvd.nist.govhttps://usn.ubuntu.com/3687-1/https://www.exploit-db.com/exploits/44861/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook