Skip to main content

Watchos CVE-2019-8624

HIGH
Out-of-bounds Read (CWE-125)
2019-12-18 product-security@apple.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 18, 2019 - 18:15 nvd
HIGH 7.5

DescriptionNVD

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 5.3. A remote attacker may be able to leak memory.

AnalysisAI

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 5.3. A remote attacker may be able to leak memory. Affected products include: Apple Watchos.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2017-13861 HIGH POC
7.8 Dec 25

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authenticati

CVE-2016-0801 CRITICAL POC
9.8 Feb 07

The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01

CVE-2025-31277 HIGH POC
8.8 Jul 30

WebKit memory corruption in Safari 18.6 and multiple Apple platforms allows remote code execution when processing malici

CVE-2016-4669 HIGH POC
7.8 Feb 20

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is low attack comp

CVE-2017-2370 HIGH POC
7.8 Feb 20

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authenticati

CVE-2014-8147 HIGH POC
7.5 May 25

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in I

CVE-2017-2524 CRITICAL POC
9.8 May 22

An issue was discovered in certain Apple products. Rated critical severity (CVSS 9.8), this vulnerability is remotely ex

CVE-2017-7047 HIGH POC
8.8 Jul 20

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2015-7112 CRITICAL POC
9.3 Dec 11

The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attacke

CVE-2017-2471 HIGH POC
8.8 Apr 02

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2022-48618 HIGH
7.0 Jan 09

The issue was addressed with improved checks. Rated high severity (CVSS 7.0). Actively exploited in the wild (cisa kev)

CVE-2022-37434 CRITICAL POC
9.8 Aug 05

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header

Share

CVE-2019-8624 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy