CVE-2019-8840
First published: Tue Dec 10 2019(Updated: )
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 11.3. Compiling with untrusted sources may lead to arbitrary code execution with user privileges.
Credit: Pan ZhenPeng @Peterpan0927 Qihoo 360 Nirvan Team product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Xcode | <11.3 | 11.3 |
| Apple Xcode | <11.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT210796 (Advisory)
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2019-8840.
What is the severity rating of CVE-2019-8840?
CVE-2019-8840 has a severity rating of 8.8 (high).
What is the affected software for CVE-2019-8840?
The affected software is Apple Xcode version up to exclusive 11.3.
How can I fix CVE-2019-8840?
The vulnerability is fixed in Xcode 11.3, so updating to that version or later will resolve the issue.
Can arbitrary code execution occur with user privileges?
Yes, compiling with untrusted sources may lead to arbitrary code execution with user privileges.
- collector/apple-support
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/trending
- vendor/apple
- canonical/apple xcode