CVE-2018-4210
HIGHSafari < 11.1 - Memory Corruption via JavaScript Array Indexing
Title source: llmDescription
In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.
References (6)
Core 6
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/HT208695%2C
Vendor Advisory x_refsource_misc
https://support.apple.com/HT208694%2C
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208698
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3781-1/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201812-04
Vendor Advisory x_refsource_misc
https://support.apple.com/HT208693%2C
Scores
CVSS v3
8.8
EPSS
0.0066
EPSS Percentile
71.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-129
Status
published
Products (7)
apple/iphone_os
< 11.3
apple/itunes
< 12.7.4
apple/safari
< 11.1
apple/tvos
< 11.3
apple/watchos
< 4.3
canonical/ubuntu_linux
18.04
webkitgtk/webkitgtk\+
< 2.22.0
Published
Jan 11, 2019
Tracked Since
Feb 18, 2026