Apple Xcode up to 12.5.1 IDE Xcode Server resource consumption
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.0 | $0-$5k | 0.00 |
A vulnerability classified as problematic has been found in Apple Xcode up to 12.5.1 (Programming Tool Software). It affects an unknown functionality of the component IDE Xcode Server. The weakness is categorized as CWE-400: the product does not properly control the allocation and maintenance of a limited resource, which lets an actor influence the amount of resources consumed and eventually exhaust the available resources. The impact remains unknown.
The weakness was disclosed on 09/20/2021 in the confirmed advisory HT212818 (website). The advisory can be read at support.apple.com. This vulnerability is known as CVE-2018-16844. The technical details are unknown and an exploit is not publicly available. The advisory points out:
Multiple issues in nginx
Upgrading to Xcode version 13.0 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability. The advisory contains the following remark:
Multiple issues were addressed by updating nginx to version 1.21.0.
CVSSv3
VulDB Meta Base Score: 6.1
VulDB Meta Temp Score: 6.0
VulDB Base Score: 5.5
VulDB Temp Score: 5.3
NVD Base Score: 7.5
CNA Base Score: 5.3
CNA Vector (Red Hat, Inc.): 🔍
Exploiting
Class: Resource consumption
CWE: CWE-400 / CWE-404
ATT&CK: Unknown
Local: No
Remote: Partially
Status: Not defined
Countermeasures
Recommended: Upgrade
Upgrade: Xcode 13.0
Timeline
09/11/2018
09/20/2021
09/20/2021
09/21/2021
09/30/2021
Sources
Vendor: apple.com
Advisory: HT212818
Status: Confirmed
CVE: CVE-2018-16844
SecurityTracker: 1042038
SecurityFocus: 105868
Entry
Created: 09/21/2021 12:46
Updated: 09/30/2021 23:39
Changes: 09/21/2021 12:46 (17), 09/21/2021 12:49 (28), 09/30/2021 23:20 (5), 09/30/2021 23:30 (30), 09/30/2021 23:39 (1)