CVE-2019-8626: Input Validation

Q: What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2019-8626.

Q: What is the severity of CVE-2019-8626?

The severity of CVE-2019-8626 is medium with a CVSS score of 6.5.

Q: Which software versions are affected by CVE-2019-8626?

iOS versions up to but excluding 12.3, and watchOS versions up to but excluding 5.2.1 are affected by CVE-2019-8626.

Q: How can the vulnerability be fixed?

To fix CVE-2019-8626, update to iOS 12.3 or later, or update to watchOS 5.2.1 or later.

Q: What is the impact of exploiting CVE-2019-8626?

Exploiting CVE-2019-8626 can lead to a denial of service by processing a maliciously crafted message.

Published May 13, 2019

Updated

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service.

Other sources

Mail. An input validation issue was addressed with improved input validation.

Credit

natashenka(Google Project Zero)

Affected Software

4 affected componentsFixes available

Apple WatchOS<5.2.1

5.2.1

Apple iOS<12.3

12.3

Apple iPhone OS<12.3

Apple WatchOS<5.2.1

Event History

Dec 18, 2019

CVE Published

via MITRE·05:33 PM

Data Sourced

via MITRE·05:33 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Frequently Asked Questions

What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2019-8626.

What is the severity of CVE-2019-8626?

The severity of CVE-2019-8626 is medium with a CVSS score of 6.5.

Which software versions are affected by CVE-2019-8626?

iOS versions up to but excluding 12.3, and watchOS versions up to but excluding 5.2.1 are affected by CVE-2019-8626.

How can the vulnerability be fixed?