CVE-2019-6213

Published: 05/03/2019 Updated: 06/03/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges.

Vulnerable Product

apple mac os x

apple iphone os

apple tv os

apple watchos

Exploits

/* Inspired by Ned Williamson's fuzzer I took a look at the netkey code

key_getsastat handles SADB_GETSASTAT messages:

It allocates a buffer based on the number of SAs there currently are:

  bufsize = (ipsec_sav_count + 1) * sizeof(*sa_stats_sav);
  KMALLOC_WAIT(sa_stats_sav, __typeof__(sa_stats_sav), bufsize);

It then retrieves the list ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra ...