CVE-2018-4204

Improper Restriction of Operations within the Bounds of a Memory Buffer

Published: Jun 08, 2018 | Modified: Mar 08, 2019
CVSS 3.x: 8.8 HIGH (Source: NVD)
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x: 6.8 MEDIUM
  Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2: not provided
RedHat/V3: 5 MODERATE
  Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Ubuntu: MEDIUM

An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Weakness

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Affected Software

Name | Vendor | Start Version | End Version
Safari | Apple | * | 11.1 (excluding)
Iphone_os | Apple | * | 11.4 (excluding)
Tvos | Apple | * | 11.4 (excluding)
Red Hat Enterprise Linux 7 | RedHat | accountsservice-0:0.6.50-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | adwaita-icon-theme-0:3.28.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | appstream-data-0:7-20180614.el7 | *
Red Hat Enterprise Linux 7 | RedHat | atk-0:2.28.1-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | at-spi2-atk-0:2.26.2-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | at-spi2-core-0:2.28.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | baobab-0:3.28.0-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | bolt-0:0.4-3.el7 | *
Red Hat Enterprise Linux 7 | RedHat | brasero-0:3.12.2-5.el7 | *
Red Hat Enterprise Linux 7 | RedHat | cairo-0:1.15.12-3.el7 | *
Red Hat Enterprise Linux 7 | RedHat | cheese-2:3.28.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | clutter-gst3-0:3.0.26-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | compat-exiv2-023-0:0.23-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | control-center-1:3.28.1-4.el7 | *
Red Hat Enterprise Linux 7 | RedHat | dconf-0:0.28.0-4.el7 | *
Red Hat Enterprise Linux 7 | RedHat | dconf-editor-0:3.28.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | devhelp-1:3.28.1-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | ekiga-0:4.0.1-8.el7 | *
Red Hat Enterprise Linux 7 | RedHat | empathy-0:3.12.13-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | eog-0:3.28.3-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | evince-0:3.28.2-5.el7 | *
Red Hat Enterprise Linux 7 | RedHat | evolution-0:3.28.5-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | evolution-data-server-0:3.28.5-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | evolution-ews-0:3.28.5-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | evolution-mapi-0:3.28.3-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | file-roller-0:3.28.1-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | flatpak-0:1.0.2-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | folks-1:0.11.4-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | fontconfig-0:2.13.0-4.3.el7 | *
Red Hat Enterprise Linux 7 | RedHat | freetype-0:2.8-12.el7 | *
Red Hat Enterprise Linux 7 | RedHat | fribidi-0:1.0.2-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | fwupd-0:1.0.8-4.el7 | *
Red Hat Enterprise Linux 7 | RedHat | fwupdate-0:12-5.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gcr-0:3.28.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gdk-pixbuf2-0:2.36.12-3.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gdm-1:3.28.2-9.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gedit-2:3.28.1-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gedit-plugins-0:3.28.1-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | geoclue2-0:2.4.8-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | geocode-glib-0:3.26.0-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gjs-0:1.52.3-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | glade-0:3.22.1-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | glib2-0:2.56.1-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | glibmm24-0:2.56.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | glib-networking-0:2.56.1-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-backgrounds-0:3.28.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-bluetooth-1:3.28.2-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-boxes-0:3.28.5-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-calculator-0:3.28.2-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-clocks-0:3.28.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-color-manager-0:3.28.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-contacts-0:3.28.2-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-desktop3-0:3.28.2-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-devel-docs-0:3.28.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-dictionary-0:3.26.1-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-disk-utility-0:3.28.3-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-documents-0:3.28.2-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-font-viewer-0:3.28.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-getting-started-docs-0:3.28.2-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-initial-setup-0:3.28.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-keyring-0:3.28.2-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-online-accounts-0:3.28.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-online-miners-0:3.26.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-packagekit-0:3.28.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-screenshot-0:3.26.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-session-0:3.28.1-5.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-settings-daemon-0:3.28.1-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-shell-0:3.28.3-6.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-shell-extensions-0:3.28.1-5.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-software-0:3.28.2-3.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-system-monitor-0:3.28.2-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-terminal-0:3.28.2-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-themes-standard-0:3.28-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-tweak-tool-0:3.28.1-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnome-user-docs-0:3.28.2-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gnote-0:3.28.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gobject-introspection-0:1.56.1-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gom-0:0.3.3-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | google-noto-emoji-fonts-0:20180508-4.el7 | *
Red Hat Enterprise Linux 7 | RedHat | grilo-0:0.3.6-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | grilo-plugins-0:0.3.7-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gsettings-desktop-schemas-0:3.28.0-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gspell-0:1.6.1-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gssdp-0:1.0.2-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gstreamer1-plugins-base-0:1.10.4-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gtk3-0:3.22.30-3.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gtk-doc-0:1.28-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gtksourceview3-0:3.24.8-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gucharmap-0:10.0.4-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gupnp-0:1.0.2-5.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gupnp-igd-0:0.2.5-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | gvfs-0:1.36.2-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | harfbuzz-0:1.7.5-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | json-glib-0:1.4.2-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libappstream-glib-0:0.7.8-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libchamplain-0:0.12.16-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libcroco-0:0.6.12-4.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libgdata-0:0.17.9-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libgee-0:0.20.1-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libgepub-0:0.6.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libgexiv2-0:0.10.8-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libgnomekbd-0:3.26.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libgovirt-0:0.3.4-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libgtop2-0:2.38.0-3.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libgweather-0:3.28.2-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libgxps-0:0.3.0-4.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libical-0:3.0.3-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libjpeg-turbo-0:1.2.90-6.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libmediaart-0:1.9.4-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libosinfo-0:1.1.0-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libpeas-0:1.22.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | librsvg2-0:2.40.20-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libsecret-0:0.18.6-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libsoup-0:2.62.2-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | libwnck3-0:3.24.1-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | mozjs52-0:52.9.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | mutter-0:3.28.3-4.el7 | *
Red Hat Enterprise Linux 7 | RedHat | nautilus-0:3.26.3.1-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | nautilus-sendto-1:3.8.6-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | openchange-0:2.3-3.el7 | *
Red Hat Enterprise Linux 7 | RedHat | osinfo-db-0:20180531-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | PackageKit-0:1.1.10-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | pango-0:1.42.4-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | poppler-0:0.26.5-20.el7 | *
Red Hat Enterprise Linux 7 | RedHat | pyatspi-0:2.26.0-3.el7 | *
Red Hat Enterprise Linux 7 | RedHat | redhat-logos-0:70.0.3-7.el7 | *
Red Hat Enterprise Linux 7 | RedHat | rest-0:0.8.1-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | rhythmbox-0:3.4.2-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | seahorse-nautilus-0:3.11.92-11.el7 | *
Red Hat Enterprise Linux 7 | RedHat | shotwell-0:0.28.4-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | sushi-0:3.28.3-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | totem-1:3.26.2-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | totem-pl-parser-0:3.26.1-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | upower-0:0.99.7-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | vala-0:0.40.8-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | vino-0:3.22.0-7.el7 | *
Red Hat Enterprise Linux 7 | RedHat | vte291-0:0.52.2-2.el7 | *
Red Hat Enterprise Linux 7 | RedHat | wayland-0:1.15.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | wayland-protocols-0:1.14-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | webkitgtk4-0:2.20.5-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | xdg-desktop-portal-0:1.0.2-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | xdg-desktop-portal-gtk-0:1.0.2-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | yelp-2:3.28.1-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | yelp-tools-0:3.28.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | yelp-xsl-0:3.28.0-1.el7 | *
Red Hat Enterprise Linux 7 | RedHat | zenity-0:3.28.1-1.el7 | *
Qtwebkit | Ubuntu | eoan | *
Qtwebkit-opensource-src | Ubuntu | artful | *
Qtwebkit-opensource-src | Ubuntu | bionic | *
Qtwebkit-opensource-src | Ubuntu | cosmic | *
Qtwebkit-opensource-src | Ubuntu | devel | *
Qtwebkit-opensource-src | Ubuntu | disco | *
Qtwebkit-opensource-src | Ubuntu | eoan | *
Qtwebkit-opensource-src | Ubuntu | esm-apps/bionic | *
Qtwebkit-opensource-src | Ubuntu | esm-apps/focal | *
Qtwebkit-opensource-src | Ubuntu | esm-apps/jammy | *
Qtwebkit-opensource-src | Ubuntu | esm-apps/noble | *
Qtwebkit-opensource-src | Ubuntu | esm-infra/xenial | *
Qtwebkit-opensource-src | Ubuntu | focal | *
Qtwebkit-opensource-src | Ubuntu | groovy | *
Qtwebkit-opensource-src | Ubuntu | hirsute | *
Qtwebkit-opensource-src | Ubuntu | impish | *
Qtwebkit-opensource-src | Ubuntu | jammy | *
Qtwebkit-opensource-src | Ubuntu | kinetic | *
Qtwebkit-opensource-src | Ubuntu | lunar | *
Qtwebkit-opensource-src | Ubuntu | mantic | *
Qtwebkit-opensource-src | Ubuntu | noble | *
Qtwebkit-opensource-src | Ubuntu | trusty | *
Qtwebkit-opensource-src | Ubuntu | upstream | *
Qtwebkit-opensource-src | Ubuntu | xenial | *
Qtwebkit-source | Ubuntu | artful | *
Qtwebkit-source | Ubuntu | bionic | *
Qtwebkit-source | Ubuntu | cosmic | *
Qtwebkit-source | Ubuntu | disco | *
Qtwebkit-source | Ubuntu | esm-apps/bionic | *
Qtwebkit-source | Ubuntu | esm-apps/xenial | *
Qtwebkit-source | Ubuntu | trusty | *
Qtwebkit-source | Ubuntu | xenial | *
Webkit2gtk | Ubuntu | artful | *
Webkit2gtk | Ubuntu | upstream | *
Webkit2gtk | Ubuntu | xenial | *
Webkitgtk | Ubuntu | artful | *
Webkitgtk | Ubuntu | bionic | *
Webkitgtk | Ubuntu | cosmic | *
Webkitgtk | Ubuntu | esm-apps/bionic | *
Webkitgtk | Ubuntu | esm-apps/xenial | *
Webkitgtk | Ubuntu | trusty | *
Webkitgtk | Ubuntu | xenial | *

Extended Description

Certain languages allow direct addressing of memory locations and do not automatically ensure that these locations are valid for the memory buffer that is being referenced. This can cause read or write operations to be performed on memory locations that may be associated with other variables, data structures, or internal program data. As a result, an attacker may be able to execute arbitrary code, alter the intended control flow, read sensitive information, or cause the system to crash.

Potential Mitigations

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

      ◦ For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.

      ◦ Be wary that a language’s interface to native code may still be subject to overflows, even if the language itself is theoretically safe.

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

      ◦ Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions.

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.

      ◦ D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.

  • Consider adhering to the following rules when allocating and managing an application’s memory:

  • Run or compile the software using features or extensions that randomly arrange the positions of a program’s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.

      ◦ Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as “rebasing” (for Windows) and “prelinking” (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.

      ◦ For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].

  • Use a CPU and operating system that offers Data Execution Protection (using hardware NX or XD bits) or the equivalent techniques that simulate this feature in software, such as PaX [REF-60] [REF-61]. These techniques ensure that any instruction executed is exclusively at a memory address that is part of the code segment.

      ◦ For more information on these techniques see D3-PSEP (Process Segment Execution Prevention) from D3FEND [REF-1336].