CVE-2018-4146

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows attackers to cause a denial of service (memory corruption) via a crafted web site.

Published: Apr 3, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-4146
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
apple / iphone_os	-	11.3
apple / safari	-	11.1
apple / watchos	-	4.3
apple / tvos	-	11.3
apple / icloud	-	7.4
apple / itunes	-	12.7.4
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	17.10	17.10.x
webkitgtk / webkitgtk+	-	2.20.4

http://www.securitytracker.com/id/1040604
https://security.gentoo.org/glsa/201808-04
https://support.apple.com/HT208693
https://support.apple.com/HT208694
https://support.apple.com/HT208695
https://support.apple.com/HT208696
https://support.apple.com/HT208697
https://support.apple.com/HT208698
https://usn.ubuntu.com/3635-1/

Vulnerability Database

289,697

CVE-2018-4146