CVE-2018-4210

Published: Jan 11, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.

Affected (7)

Products: Apple: Iphone Os, Safari, Tvos, Watchos, Itunes · Canonical: Ubuntu Linux · Webkitgtk: Webkitgtk+

5 products

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Before 11.3
Apple Safari	Before 11.1
Apple Tvos	Before 11.3
Apple Watchos	Before 4.3

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apple Itunes	Before 12.7.4

Running on/with	Platform Versions
Microsoft Windows	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 18.04

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Webkitgtk Webkitgtk+	Before 2.22.0

Related CWEs

CWE-129

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.