CVE-2018-4113

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing.

Published: Apr 3, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-4113
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-617

Affected Software
References

Software	From	Fixed in
apple / iphone_os	-	11.3
apple / safari	-	11.1
apple / watchos	-	4.3
apple / tvos	-	11.3
apple / icloud	-	7.4
apple / itunes	-	12.7.4
webkitgtk / webkitgtk+	-	2.20.4
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	17.10	17.10.x

http://www.securitytracker.com/id/1040604
https://security.gentoo.org/glsa/201808-04
https://support.apple.com/HT208693
https://support.apple.com/HT208694
https://support.apple.com/HT208695
https://support.apple.com/HT208696
https://support.apple.com/HT208697
https://support.apple.com/HT208698
https://usn.ubuntu.com/3635-1/

Vulnerability Database

289,697

CVE-2018-4113