{"api_version":"1","generated_at":"2026-05-15T11:57:51+00:00","cve":"CVE-2019-6213","urls":{"html":"https://cve.report/CVE-2019-6213","api":"https://cve.report/api/cve/CVE-2019-6213.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-6213","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-6213"},"summary":{"title":"CVE-2019-6213","description":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2019-03-05 16:29:00","updated_at":"2019-03-06 14:13:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/106739","name":"106739","refsource":"BID","tags":["Third Party Advisory"],"title":"Apple macOS/watchOS/iOS/tvOS Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://support.apple.com/HT209446","name":"https://support.apple.com/HT209446","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"About the security content of macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT209448","name":"https://support.apple.com/HT209448","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"About the security content of watchOS 5.1.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT209447","name":"https://support.apple.com/HT209447","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"About the security content of tvOS 12.1.2 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT209443","name":"https://support.apple.com/HT209443","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"About the security content of iOS 12.1.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/46300/","name":"46300","refsource":"EXPLOIT-DB","tags":["Exploit","Third Party Advisory"],"title":"macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics - Multiple dos Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-6213","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6213","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"6213","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6213","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6213","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6213","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6213","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tv_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6213","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tv_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6213","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6213","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"product-security@apple.com","ID":"CVE-2019-6213","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"iOS","version":{"version_data":[{"version_affected":"<","version_value":"iOS 12.1.3"}]}},{"product_name":"macOS","version":{"version_data":[{"version_affected":"<","version_value":"macOS Mojave 10.14.3"}]}},{"product_name":"tvOS","version":{"version_data":[{"version_affected":"<","version_value":"tvOS 12.1.2"}]}},{"product_name":"watchOS","version":{"version_data":[{"version_affected":"<","version_value":"watchOS 5.1.3"}]}}]},"vendor_name":"Apple"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"An application may be able to execute arbitrary code with kernel privileges"}]}]},"references":{"reference_data":[{"name":"https://support.apple.com/HT209446","refsource":"CONFIRM","url":"https://support.apple.com/HT209446"},{"name":"https://support.apple.com/HT209443","refsource":"CONFIRM","url":"https://support.apple.com/HT209443"},{"name":"https://support.apple.com/HT209448","refsource":"CONFIRM","url":"https://support.apple.com/HT209448"},{"name":"106739","refsource":"BID","url":"http://www.securityfocus.com/bid/106739"},{"name":"46300","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/46300/"},{"name":"https://support.apple.com/HT209447","refsource":"CONFIRM","url":"https://support.apple.com/HT209447"}]}},"nvd":{"publishedDate":"2019-03-05 16:29:00","lastModifiedDate":"2019-03-06 14:13:00","problem_types":["CWE-119"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndExcluding":"10.14.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:tv_os:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.3","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"6213","Ordinal":"143884","Title":"CVE-2019-6213","CVE":"CVE-2019-6213","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"6213","Ordinal":"1","NoteData":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"6213","Ordinal":"2","NoteData":"2019-03-05","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"6213","Ordinal":"3","NoteData":"2019-03-06","Type":"Other","Title":"Modified"}]}}}