CVE-2007-0734 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple MAC OS X

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer2 documents2 sources

Severity

5.4MEDIUMNVD

EPSS

0.5%

top 34.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X

Timeline

PublishedApr 10

Latest updateMay 1

Description

fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1, and by Apple Mac OS X 10.3.9 through 10.4.9, does not properly enforce password protection of a USB hard drive, which allows context-dependent attackers to list arbitrary directories or execute arbitrary code, resulting from memory corruption.

CVSS vector

AV:A/AC:M/C:P/I:P/A:PExploitability: 5.5 | Impact: 6.4

Affected Packages1 packages

▶NVDapple/mac_os_x11 versions+10

Patches

Patch: docs.info.apple.com ↗Patch: docs.info.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-683c-4p64-g5vf: fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802↗2022-05-01

▶