Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2018-4222

Published: 08/06/2018 Updated: 07/03/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Apple

Vulnerability Summary

An issue exists in certain Apple products. iOS prior to 11.4 is affected. Safari prior to 11.1.1 is affected. iCloud prior to 7.5 on Windows is affected. iTunes prior to 12.7.5 on Windows is affected. tvOS prior to 11.4 is affected. watchOS prior to 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote malicious users to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple iphone os

apple watchos

apple tvos

apple safari

apple icloud

apple itunes

canonical ubuntu linux 17.10

canonical ubuntu linux 18.04

canonical ubuntu linux 16.04

Vendor Advisories

Ubuntu Security Notice: webkit2gtk vulnerabilities
Several security issues were fixed in WebKitGTK+ ...

Exploits

Exploit DB: WebKit - WebAssembly Compilation Info Leak
<!-- There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit When a source buffer is compiled, it is first copied into a read-only buffer by the functuion getWasmBufferFromValue This function returns the code buffer as follows: return arrayBufferView ? static_cast<uint8_t*>(arrayBufferView->vector()) : stat ...

References

CWE-125https://support.apple.com/HT208854https://support.apple.com/HT208853https://support.apple.com/HT208852https://support.apple.com/HT208851https://support.apple.com/HT208850https://support.apple.com/HT208848https://bugs.chromium.org/p/project-zero/issues/detail?id=1545http://www.securitytracker.com/id/1041029https://www.exploit-db.com/exploits/44859/https://usn.ubuntu.com/3687-1/https://security.gentoo.org/glsa/201808-04https://nvd.nist.govhttps://usn.ubuntu.com/3687-1/https://www.exploit-db.com/exploits/44859/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook