Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2018-4200

Use After Free

Published: Jun 08, 2018 | Modified: Mar 07, 2019
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
5 MODERATE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2018-4200
CWEhttps://cwe.mitre.org/data/definitions/416.html

An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free.

Weakness

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Affected Software

Name Vendor Start Version End Version
Safari Apple * 11.1 (excluding)
Iphone_os Apple * 11.3.1 (excluding)
Tvos Apple * 11.4 (excluding)
Red Hat Enterprise Linux 7 RedHat accountsservice-0:0.6.50-2.el7 *
Red Hat Enterprise Linux 7 RedHat adwaita-icon-theme-0:3.28.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat appstream-data-0:7-20180614.el7 *
Red Hat Enterprise Linux 7 RedHat atk-0:2.28.1-1.el7 *
Red Hat Enterprise Linux 7 RedHat at-spi2-atk-0:2.26.2-1.el7 *
Red Hat Enterprise Linux 7 RedHat at-spi2-core-0:2.28.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat baobab-0:3.28.0-2.el7 *
Red Hat Enterprise Linux 7 RedHat bolt-0:0.4-3.el7 *
Red Hat Enterprise Linux 7 RedHat brasero-0:3.12.2-5.el7 *
Red Hat Enterprise Linux 7 RedHat cairo-0:1.15.12-3.el7 *
Red Hat Enterprise Linux 7 RedHat cheese-2:3.28.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat clutter-gst3-0:3.0.26-1.el7 *
Red Hat Enterprise Linux 7 RedHat compat-exiv2-023-0:0.23-2.el7 *
Red Hat Enterprise Linux 7 RedHat control-center-1:3.28.1-4.el7 *
Red Hat Enterprise Linux 7 RedHat dconf-0:0.28.0-4.el7 *
Red Hat Enterprise Linux 7 RedHat dconf-editor-0:3.28.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat devhelp-1:3.28.1-1.el7 *
Red Hat Enterprise Linux 7 RedHat ekiga-0:4.0.1-8.el7 *
Red Hat Enterprise Linux 7 RedHat empathy-0:3.12.13-1.el7 *
Red Hat Enterprise Linux 7 RedHat eog-0:3.28.3-1.el7 *
Red Hat Enterprise Linux 7 RedHat evince-0:3.28.2-5.el7 *
Red Hat Enterprise Linux 7 RedHat evolution-0:3.28.5-2.el7 *
Red Hat Enterprise Linux 7 RedHat evolution-data-server-0:3.28.5-1.el7 *
Red Hat Enterprise Linux 7 RedHat evolution-ews-0:3.28.5-1.el7 *
Red Hat Enterprise Linux 7 RedHat evolution-mapi-0:3.28.3-2.el7 *
Red Hat Enterprise Linux 7 RedHat file-roller-0:3.28.1-2.el7 *
Red Hat Enterprise Linux 7 RedHat flatpak-0:1.0.2-2.el7 *
Red Hat Enterprise Linux 7 RedHat folks-1:0.11.4-1.el7 *
Red Hat Enterprise Linux 7 RedHat fontconfig-0:2.13.0-4.3.el7 *
Red Hat Enterprise Linux 7 RedHat freetype-0:2.8-12.el7 *
Red Hat Enterprise Linux 7 RedHat fribidi-0:1.0.2-1.el7 *
Red Hat Enterprise Linux 7 RedHat fwupd-0:1.0.8-4.el7 *
Red Hat Enterprise Linux 7 RedHat fwupdate-0:12-5.el7 *
Red Hat Enterprise Linux 7 RedHat gcr-0:3.28.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat gdk-pixbuf2-0:2.36.12-3.el7 *
Red Hat Enterprise Linux 7 RedHat gdm-1:3.28.2-9.el7 *
Red Hat Enterprise Linux 7 RedHat gedit-2:3.28.1-1.el7 *
Red Hat Enterprise Linux 7 RedHat gedit-plugins-0:3.28.1-1.el7 *
Red Hat Enterprise Linux 7 RedHat geoclue2-0:2.4.8-1.el7 *
Red Hat Enterprise Linux 7 RedHat geocode-glib-0:3.26.0-2.el7 *
Red Hat Enterprise Linux 7 RedHat gjs-0:1.52.3-1.el7 *
Red Hat Enterprise Linux 7 RedHat glade-0:3.22.1-1.el7 *
Red Hat Enterprise Linux 7 RedHat glib2-0:2.56.1-2.el7 *
Red Hat Enterprise Linux 7 RedHat glibmm24-0:2.56.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat glib-networking-0:2.56.1-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-backgrounds-0:3.28.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-bluetooth-1:3.28.2-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-boxes-0:3.28.5-2.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-calculator-0:3.28.2-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-clocks-0:3.28.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-color-manager-0:3.28.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-contacts-0:3.28.2-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-desktop3-0:3.28.2-2.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-devel-docs-0:3.28.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-dictionary-0:3.26.1-2.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-disk-utility-0:3.28.3-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-documents-0:3.28.2-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-font-viewer-0:3.28.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-getting-started-docs-0:3.28.2-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-initial-setup-0:3.28.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-keyring-0:3.28.2-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-online-accounts-0:3.28.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-online-miners-0:3.26.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-packagekit-0:3.28.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-screenshot-0:3.26.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-session-0:3.28.1-5.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-settings-daemon-0:3.28.1-2.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-shell-0:3.28.3-6.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-shell-extensions-0:3.28.1-5.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-software-0:3.28.2-3.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-system-monitor-0:3.28.2-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-terminal-0:3.28.2-2.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-themes-standard-0:3.28-2.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-tweak-tool-0:3.28.1-2.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-user-docs-0:3.28.2-1.el7 *
Red Hat Enterprise Linux 7 RedHat gnote-0:3.28.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat gobject-introspection-0:1.56.1-1.el7 *
Red Hat Enterprise Linux 7 RedHat gom-0:0.3.3-1.el7 *
Red Hat Enterprise Linux 7 RedHat google-noto-emoji-fonts-0:20180508-4.el7 *
Red Hat Enterprise Linux 7 RedHat grilo-0:0.3.6-1.el7 *
Red Hat Enterprise Linux 7 RedHat grilo-plugins-0:0.3.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat gsettings-desktop-schemas-0:3.28.0-2.el7 *
Red Hat Enterprise Linux 7 RedHat gspell-0:1.6.1-1.el7 *
Red Hat Enterprise Linux 7 RedHat gssdp-0:1.0.2-1.el7 *
Red Hat Enterprise Linux 7 RedHat gstreamer1-plugins-base-0:1.10.4-2.el7 *
Red Hat Enterprise Linux 7 RedHat gtk3-0:3.22.30-3.el7 *
Red Hat Enterprise Linux 7 RedHat gtk-doc-0:1.28-2.el7 *
Red Hat Enterprise Linux 7 RedHat gtksourceview3-0:3.24.8-1.el7 *
Red Hat Enterprise Linux 7 RedHat gucharmap-0:10.0.4-1.el7 *
Red Hat Enterprise Linux 7 RedHat gupnp-0:1.0.2-5.el7 *
Red Hat Enterprise Linux 7 RedHat gupnp-igd-0:0.2.5-2.el7 *
Red Hat Enterprise Linux 7 RedHat gvfs-0:1.36.2-1.el7 *
Red Hat Enterprise Linux 7 RedHat harfbuzz-0:1.7.5-2.el7 *
Red Hat Enterprise Linux 7 RedHat json-glib-0:1.4.2-2.el7 *
Red Hat Enterprise Linux 7 RedHat libappstream-glib-0:0.7.8-2.el7 *
Red Hat Enterprise Linux 7 RedHat libchamplain-0:0.12.16-2.el7 *
Red Hat Enterprise Linux 7 RedHat libcroco-0:0.6.12-4.el7 *
Red Hat Enterprise Linux 7 RedHat libgdata-0:0.17.9-1.el7 *
Red Hat Enterprise Linux 7 RedHat libgee-0:0.20.1-1.el7 *
Red Hat Enterprise Linux 7 RedHat libgepub-0:0.6.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat libgexiv2-0:0.10.8-1.el7 *
Red Hat Enterprise Linux 7 RedHat libgnomekbd-0:3.26.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat libgovirt-0:0.3.4-1.el7 *
Red Hat Enterprise Linux 7 RedHat libgtop2-0:2.38.0-3.el7 *
Red Hat Enterprise Linux 7 RedHat libgweather-0:3.28.2-2.el7 *
Red Hat Enterprise Linux 7 RedHat libgxps-0:0.3.0-4.el7 *
Red Hat Enterprise Linux 7 RedHat libical-0:3.0.3-2.el7 *
Red Hat Enterprise Linux 7 RedHat libjpeg-turbo-0:1.2.90-6.el7 *
Red Hat Enterprise Linux 7 RedHat libmediaart-0:1.9.4-1.el7 *
Red Hat Enterprise Linux 7 RedHat libosinfo-0:1.1.0-2.el7 *
Red Hat Enterprise Linux 7 RedHat libpeas-0:1.22.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat librsvg2-0:2.40.20-1.el7 *
Red Hat Enterprise Linux 7 RedHat libsecret-0:0.18.6-1.el7 *
Red Hat Enterprise Linux 7 RedHat libsoup-0:2.62.2-2.el7 *
Red Hat Enterprise Linux 7 RedHat libwnck3-0:3.24.1-2.el7 *
Red Hat Enterprise Linux 7 RedHat mozjs52-0:52.9.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat mutter-0:3.28.3-4.el7 *
Red Hat Enterprise Linux 7 RedHat nautilus-0:3.26.3.1-2.el7 *
Red Hat Enterprise Linux 7 RedHat nautilus-sendto-1:3.8.6-1.el7 *
Red Hat Enterprise Linux 7 RedHat openchange-0:2.3-3.el7 *
Red Hat Enterprise Linux 7 RedHat osinfo-db-0:20180531-1.el7 *
Red Hat Enterprise Linux 7 RedHat PackageKit-0:1.1.10-1.el7 *
Red Hat Enterprise Linux 7 RedHat pango-0:1.42.4-1.el7 *
Red Hat Enterprise Linux 7 RedHat poppler-0:0.26.5-20.el7 *
Red Hat Enterprise Linux 7 RedHat pyatspi-0:2.26.0-3.el7 *
Red Hat Enterprise Linux 7 RedHat redhat-logos-0:70.0.3-7.el7 *
Red Hat Enterprise Linux 7 RedHat rest-0:0.8.1-2.el7 *
Red Hat Enterprise Linux 7 RedHat rhythmbox-0:3.4.2-2.el7 *
Red Hat Enterprise Linux 7 RedHat seahorse-nautilus-0:3.11.92-11.el7 *
Red Hat Enterprise Linux 7 RedHat shotwell-0:0.28.4-1.el7 *
Red Hat Enterprise Linux 7 RedHat sushi-0:3.28.3-1.el7 *
Red Hat Enterprise Linux 7 RedHat totem-1:3.26.2-1.el7 *
Red Hat Enterprise Linux 7 RedHat totem-pl-parser-0:3.26.1-1.el7 *
Red Hat Enterprise Linux 7 RedHat upower-0:0.99.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat vala-0:0.40.8-1.el7 *
Red Hat Enterprise Linux 7 RedHat vino-0:3.22.0-7.el7 *
Red Hat Enterprise Linux 7 RedHat vte291-0:0.52.2-2.el7 *
Red Hat Enterprise Linux 7 RedHat wayland-0:1.15.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat wayland-protocols-0:1.14-1.el7 *
Red Hat Enterprise Linux 7 RedHat webkitgtk4-0:2.20.5-1.el7 *
Red Hat Enterprise Linux 7 RedHat xdg-desktop-portal-0:1.0.2-1.el7 *
Red Hat Enterprise Linux 7 RedHat xdg-desktop-portal-gtk-0:1.0.2-1.el7 *
Red Hat Enterprise Linux 7 RedHat yelp-2:3.28.1-1.el7 *
Red Hat Enterprise Linux 7 RedHat yelp-tools-0:3.28.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat yelp-xsl-0:3.28.0-1.el7 *
Red Hat Enterprise Linux 7 RedHat zenity-0:3.28.1-1.el7 *
Qtwebkit Ubuntu eoan *
Qtwebkit-opensource-src Ubuntu artful *
Qtwebkit-opensource-src Ubuntu bionic *
Qtwebkit-opensource-src Ubuntu cosmic *
Qtwebkit-opensource-src Ubuntu devel *
Qtwebkit-opensource-src Ubuntu disco *
Qtwebkit-opensource-src Ubuntu eoan *
Qtwebkit-opensource-src Ubuntu esm-apps/bionic *
Qtwebkit-opensource-src Ubuntu esm-apps/focal *
Qtwebkit-opensource-src Ubuntu esm-apps/jammy *
Qtwebkit-opensource-src Ubuntu esm-apps/noble *
Qtwebkit-opensource-src Ubuntu esm-infra/xenial *
Qtwebkit-opensource-src Ubuntu focal *
Qtwebkit-opensource-src Ubuntu groovy *
Qtwebkit-opensource-src Ubuntu hirsute *
Qtwebkit-opensource-src Ubuntu impish *
Qtwebkit-opensource-src Ubuntu jammy *
Qtwebkit-opensource-src Ubuntu kinetic *
Qtwebkit-opensource-src Ubuntu lunar *
Qtwebkit-opensource-src Ubuntu mantic *
Qtwebkit-opensource-src Ubuntu noble *
Qtwebkit-opensource-src Ubuntu trusty *
Qtwebkit-opensource-src Ubuntu upstream *
Qtwebkit-opensource-src Ubuntu xenial *
Qtwebkit-source Ubuntu artful *
Qtwebkit-source Ubuntu bionic *
Qtwebkit-source Ubuntu cosmic *
Qtwebkit-source Ubuntu disco *
Qtwebkit-source Ubuntu esm-apps/bionic *
Qtwebkit-source Ubuntu esm-apps/xenial *
Qtwebkit-source Ubuntu trusty *
Qtwebkit-source Ubuntu xenial *
Webkit2gtk Ubuntu artful *
Webkit2gtk Ubuntu bionic *
Webkit2gtk Ubuntu upstream *
Webkit2gtk Ubuntu xenial *
Webkitgtk Ubuntu artful *
Webkitgtk Ubuntu bionic *
Webkitgtk Ubuntu cosmic *
Webkitgtk Ubuntu esm-apps/bionic *
Webkitgtk Ubuntu esm-apps/xenial *
Webkitgtk Ubuntu trusty *
Webkitgtk Ubuntu xenial *

Extended Description

The use of previously-freed memory can have any number of adverse consequences, ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw. The simplest way data corruption may occur involves the system’s reuse of the freed memory. Use-after-free errors have two common and sometimes overlapping causes:

In this scenario, the memory in question is allocated to another pointer validly at some point after it has been freed. The original pointer to the freed memory is used again and points to somewhere within the new allocation. As the data is changed, it corrupts the validly used memory; this induces undefined behavior in the process. If the newly allocated data happens to hold a class, in C++ for example, various function pointers may be scattered within the heap data. If one of these function pointers is overwritten with an address to valid shellcode, execution of arbitrary code can be achieved.

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use