Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2386 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple MAC OS X

6 documents4 sources

Severity

10.0CRITICALNVD

NVD9.4

EPSS

74.2%

top 1.16%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple MAC OS X

Timeline

PublishedMay 24

Latest updateMay 1

Description

Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.

CVSS vector

AV:N/AC:L/C:C/I:N/A:CExploitability: 10.0 | Impact: 9.2

Affected Packages1 packages

▶NVDapple/mac_os_x11 versions+10

🔴Vulnerability Details

GHSA

GHSA-xrgw-2g7f-5735: Buffer overflow in mDNSResponder in Apple Mac OS X 10↗2022-05-01

▶

GHSA

GHSA-5p4c-h4w7-4mj2: Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issu↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

Apple Mac OSX - mDNSResponder UPnP Location Overflow (Metasploit)↗2011-01-08

▶

Metasploit

Mac OS X mDNSResponder UPnP Location Overflow↗

▶