Lucene search

K

GoogleOSV:CVE-2024-40782

HistoryJul 29, 2024 - 11:15 p.m.

CVE-2024-40782

2024-07-2923:15:11

Google

osv.dev

memory management improvement

software vulnerability

unexpected process crash

web content

cve-2024-40782

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

5.7

Confidence

Low

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

References

seclists.org/fulldisclosure/2024/Jul/15

seclists.org/fulldisclosure/2024/Jul/16

seclists.org/fulldisclosure/2024/Jul/17

seclists.org/fulldisclosure/2024/Jul/18

seclists.org/fulldisclosure/2024/Jul/21

seclists.org/fulldisclosure/2024/Jul/22

seclists.org/fulldisclosure/2024/Jul/23

security-tracker.debian.org/tracker/CVE-2024-40782

support.apple.com/en-us/HT214116

support.apple.com/en-us/HT214117

support.apple.com/en-us/HT214119

support.apple.com/en-us/HT214121

support.apple.com/en-us/HT214122

support.apple.com/en-us/HT214123

support.apple.com/en-us/HT214124

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

5.7

Confidence

Low

Related for OSV:CVE-2024-40782

nvd1 cvelist1 vulnrichment1 redhatcve1 debiancve1 cve1 nessus14 openvas14 fedora3 osv6 apple7