CVE-2019-8744 - OpenCVE

A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious application may be able to determine kernel memory layout.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os Mac Os X Tvos Watchos

Configuration 1 [-]

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

References

Link	Providers
https://support.apple.com/en-us/HT210604
https://support.apple.com/en-us/HT210606
https://support.apple.com/en-us/HT210607
https://support.apple.com/en-us/HT210634
https://support.apple.com/en-us/HT210722

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2020-10-27T19:46:04

Updated: 2024-08-04T21:31:35.710Z

Reserved: 2019-02-18T00:00:00

Link: CVE-2019-8744

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-10-27T20:15:18.313

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-8744

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "tvOS", "vendor": "Apple", "versions": [{"lessThan": "13", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iOS", "vendor": "Apple", "versions": [{"lessThan": "13", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "watchOS", "vendor": "Apple", "versions": [{"lessThan": "6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "10.15", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "10.15", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious application may be able to determine kernel memory layout."}], "problemTypes": [{"descriptions": [{"description": "A malicious application may be able to determine kernel memory layout", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-27T19:46:04", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210634"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210722"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210604"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210606"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210607"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2019-8744", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "tvOS", "version": {"version_data": [{"version_affected": "<", "version_value": "13"}]}}, {"product_name": "iOS", "version": {"version_data": [{"version_affected": "<", "version_value": "13"}]}}, {"product_name": "watchOS", "version": {"version_data": [{"version_affected": "<", "version_value": "6"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "10.15"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "10.15"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious application may be able to determine kernel memory layout."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "A malicious application may be able to determine kernel memory layout"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT210634", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210634"}, {"name": "https://support.apple.com/en-us/HT210722", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210722"}, {"name": "https://support.apple.com/en-us/HT210604", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210604"}, {"name": "https://support.apple.com/en-us/HT210606", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210606"}, {"name": "https://support.apple.com/en-us/HT210607", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210607"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:31:35.710Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT210634"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT210722"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT210604"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT210606"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT210607"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2019-8744", "datePublished": "2020-10-27T19:46:04", "dateReserved": "2019-02-18T00:00:00", "dateUpdated": "2024-08-04T21:31:35.710Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "74FC47CB-6F80-4521-BE54-47B5630FF496", "versionEndExcluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "E28B89FF-E2E1-498A-AF43-C8DE5DA352CD", "versionEndExcluding": "10.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6FCD7CE-EC26-4952-A34D-2221AA4F223B", "versionEndExcluding": "13", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "70F86075-2932-4E94-B7B2-7DF51A51B179", "versionEndExcluding": "6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious application may be able to determine kernel memory layout."}, {"lang": "es", "value": "Se present\u00f3 un problema de corrupci\u00f3n de la memoria en el manejo de paquetes IPv6. Este problema se corrigi\u00f3 mejorando la gesti\u00f3n de la memoria. Este problema se corrigi\u00f3 en macOS Catalina versi\u00f3n 10.15, tvOS versi\u00f3n 13, macOS Catalina versi\u00f3n 10.15.1, Security Update 2019-001 y Security Update 2019-006, watchOS versi\u00f3n 6, iOS versi\u00f3n 13. Una aplicaci\u00f3n maliciosa puede ser capaz de determinar el dise\u00f1o de la memoria del kernel"}], "id": "CVE-2019-8744", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-27T20:15:18.313", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210604"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210606"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210607"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210634"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210722"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}