CVE-2018-4386
PUBLISHED
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
Risk Scores
EPSS Score: 26.71% (96.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | qtwebkit-source | 2.3.2-0ubuntu13, 0 |
| Ubuntu:16.04:LTS | webkitgtk | 2.4.11-0ubuntu0.1, 2.4.9-2ubuntu2, 2.4.10-0ubuntu1 |
| Ubuntu:16.04:LTS | qtwebkit-source | 2.3.2-0ubuntu10, 2.3.2-0ubuntu11, 0 |
| Ubuntu:24.04:LTS | qtwebkit-opensource-src | 5.212.0~alpha4-34ubuntu4, 5.212.0~alpha4-36, * |
| Ubuntu:16.04:LTS | qtwebkit-opensource-src | 5.5.1+dfsg-2ubuntu1, 5.4.2+dfsg-1ubuntu2.1, 0 |
| Ubuntu:20.04:LTS | qtwebkit-opensource-src | *, 5.212.0~alpha4-1ubuntu2.1, 0 |
| Ubuntu:18.04:LTS | webkit2gtk | 2.22.2-0ubuntu0.18.04.2, 0, 2.18.0-2 |
| Ubuntu:22.04:LTS | qtwebkit-opensource-src | *, 5.212.0~alpha4-15ubuntu1, 5.212.0~alpha4-14ubuntu2 |
| Ubuntu:16.04:LTS | webkit2gtk | 2.20.3-0ubuntu0.16.04.1, 2.8.5+dfsg1-3, 2.10.3+dfsg1-1 |
| Ubuntu:18.04:LTS | webkitgtk | 2.4.11-3ubuntu3, 2.4.11-3ubuntu2, 2.4.11-3 |
| Ubuntu:18.04:LTS | qtwebkit-opensource-src | 0, 5.9.1+dfsg-5ubuntu1, 5.9.1+dfsg-5ubuntu3 |
Exploit Intelligence
- A Writeup for Sleirsgoevy's version of the Exploit Implementation of CVE-2018-4386 by Fire30 called Bad_Hoist (github-poc-repo)
- A Writeup for Sleirsgoevy's version of the Exploit Implementation of CVE-2018-4386 by Fire30 called Bad_Hoist (github-poc)
…and 10 more exploits
Timeline
- Oct 31, 2018 CVE Published
- Nov 29, 2018 PoC Published
- Nov 30, 2018 PoC Published
- Jan 8, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-4386 third-party-advisory
- https://webkitgtk.org/security/WSA-2018-0008.html third-party-advisory
- https://ubuntu.com/security/notices/USN-3828-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-4386 third-party-advisory