CVE-2017-2520
Advisory lineage Upstream: 0 Downstream: 4
Modified
Published: 22 May 2017, 04:54
Last modified:05 Aug 2024, 13:55
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.8 CRITICAL
v3.0 (nvd)
EPSS Score
10.61% MEDIUM
11% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
22 May 2017, 04:54
Published
Vulnerability first disclosed
05 Aug 2024, 13:55
Last Modified
Vulnerability information updated
Description
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.
CVSS Metrics
- v3.0•CRITICAL•Score: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 10.61%• Percentile: 93%
Techniques & Countermeasures
- CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Affected Systems
- apple•iphone_os
< 10.3.2
- apple•mac_os_x
< 10.12.5
- apple•tvos
< 10.2.1
- apple•watchos
< 3.2.2
- debian•debian_linux
8.0
References (8)
- http://www.securitytracker.com/id/1038484
- https://support.apple.com/HT207797
- https://support.apple.com/HT207800
- https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html
- http://www.securityfocus.com/bid/98468
- https://support.apple.com/HT207798
- https://support.apple.com/HT207801
- https://usn.ubuntu.com/4019-1/