To fix this, developers should better validate input parameters, use mitigations such as an XSS filter or content inspection, or implement rate limiting. This issue is addressed by improved input validation. A maliciously crafted URL can cause denial of service. To avoid this, applications should filter URLs that appear to come from a trusted source. This issue is fixed in macOS High Sierra 10.13.6, Security Update 2018-001 Sierra, iOS 12.1, watchOS 5.1.1, and macOS Mojave 10.14. An attacker with a privileged network position can forge HTTP/2 responses to inject arbitrary code. To protect against this, apps should verify the remote host of an incoming connection.
CVE-2019-3860
The above issue is fixed in macOS Mojave 10.14.
CVE-2023-32838
To protect against this, apps should verify the remote host of an incoming connection.
MITIGATION: Verify remote host
Timeline
Published on: 08/24/2022 20:15:00 UTC
Last modified on: 08/29/2022 15:50:00 UTC
References
- https://support.apple.com/en-us/HT213344
- https://support.apple.com/en-us/HT213345
- https://support.apple.com/en-us/HT213342
- https://support.apple.com/en-us/HT213343
- https://support.apple.com/en-us/HT213340
- https://support.apple.com/en-us/HT213346
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32839