CVE-2018-4220

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-4220
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-4220.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-4220
Published
2018-06-08T18:29:01.400Z
Modified
2026-04-12T20:28:25.835774Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the "Swift for Ubuntu" component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are enabled during library loading.

References

Affected packages

Git / github.com/apple/swift

Affected ranges

Type
GIT
Repo
https://github.com/apple/swift
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b61523a0207d6277c0e64a354f0d9187cf85e453
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.1.1"
        }
    ]
}

Affected versions

Other
oldMerge
swift-DEVELOPMENT-SNAPSHOT-2016-01-25-a
swift-DEVELOPMENT-SNAPSHOT-2016-02-03-a
swift-DEVELOPMENT-SNAPSHOT-2016-02-08
swift-DEVELOPMENT-SNAPSHOT-2016-02-08-a
swift-DEVELOPMENT-SNAPSHOT-2016-02-25-a
swift-DEVELOPMENT-SNAPSHOT-2016-03-01-a
swift-DEVELOPMENT-SNAPSHOT-2016-03-16-a
swift-DEVELOPMENT-SNAPSHOT-2016-03-24-a
swift-DEVELOPMENT-SNAPSHOT-2017-08-14-a
swift-DEVELOPMENT-SNAPSHOT-2017-08-15-a
swift-DEVELOPMENT-SNAPSHOT-2017-08-21-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-01-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-02-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-03-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-04-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-05-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-06-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-07-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-08-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-09-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-10-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-11-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-12-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-13-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-14-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-15-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-16-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-17-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-18-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-19-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-20-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-21-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-22-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-23-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-24-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-25-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-26-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-27-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-28-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-29-a
swift-DEVELOPMENT-SNAPSHOT-2017-09-30-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-06-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-07-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-08-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-09-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-10-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-12-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-14-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-15-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-16-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-17-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-18-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-19-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-20-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-21-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-22-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-23-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-24-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-25-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-26-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-27-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-28-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-29-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-30-a
swift-DEVELOPMENT-SNAPSHOT-2017-10-31-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-01-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-02-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-03-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-04-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-05-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-06-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-07-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-08-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-09-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-13-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-14-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-16-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-21-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-22-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-23-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-24-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-25-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-26-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-27-a
swift-DEVELOPMENT-SNAPSHOT-2017-11-28-a
swift-DEVELOPMENT-SNAPSHOT-2017-12-03-a
swift-DEVELOPMENT-SNAPSHOT-2017-12-04-a
swift-2.*
swift-2.2-SNAPSHOT-2015-12-01-a
swift-2.2-SNAPSHOT-2015-12-01-b
swift-2.2-SNAPSHOT-2015-12-10-a
swift-2.2-SNAPSHOT-2015-12-18-a
swift-2.2-SNAPSHOT-2015-12-22-a
swift-2.2-SNAPSHOT-2015-12-31-a
swift-2.2-SNAPSHOT-2016-01-06-a
swift-2.2-SNAPSHOT-2016-01-11-a
swift-4.*
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-07-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-08-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-09-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-10-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-11-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-12-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-13-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-14-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-15-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-16-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-17-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-18-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-19-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-20-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-21-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-22-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-23-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-24-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-25-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-27-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-28-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-29-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2017-12-30-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-01-10-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-01-11-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-01-12-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-01-13-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-01-14-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-01-15-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-01-17-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-01-18-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-01-22-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-01-23-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-01-25-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-01-26-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-01-27-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-01-28-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-01-29-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-01-30-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-01-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-06-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-07-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-08-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-13-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-14-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-15-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-16-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-17-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-18-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-19-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-20-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-21-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-22-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-23-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-24-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-25-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-26-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-27-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-02-28-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-01-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-02-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-03-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-04-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-05-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-06-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-07-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-08-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-09-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-10-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-11-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-12-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-13-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-14-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-15-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-16-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-17-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-18-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-19-a
swift-4.1-DEVELOPMENT-SNAPSHOT-2018-03-20-a
swift-4.1-RELEASE

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-4220.json"
vanir_signatures_modified 
"2026-04-12T20:28:25Z"
vanir_signatures 
[
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/apple/swift/commit/b61523a0207d6277c0e64a354f0d9187cf85e453",
        "digest": {
            "function_hash": "265955098139312753026840419377700005648",
            "length": 214.0
        },
        "id": "CVE-2018-4220-3923cbd9",
        "deprecated": false,
        "target": {
            "file": "lib/Basic/Version.cpp",
            "function": "getSwiftFullVersion"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/apple/swift/commit/b61523a0207d6277c0e64a354f0d9187cf85e453",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "1796450109439206812300957329771678800",
                "276841013234405574054417792570126729615",
                "124674513808532008237135124683863742925",
                "150097780742484238016989027862275115710"
            ]
        },
        "id": "CVE-2018-4220-58b1c816",
        "deprecated": false,
        "target": {
            "file": "lib/Basic/Version.cpp"
        }
    }
]