This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NApple Swift
APPApple< 5.1.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2022-1642HIGH7.5ten sam produkt
A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially ...
CVE-2020-9861HIGH7.5ten sam produkt
A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for ...
CVE-2018-4220HIGH8.8ten sam produkt
An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. Th...
CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam vendor
Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu