Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1237: Missing Release of Memory after Effective Lifetime in Apple MAC OS X

CWE-399 | 5 documents | 4 sources
Severity: 4.9 MEDIUM (NVD)
EPSS: 0.2% (top 55.28%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Apr 2
Latest update: May 2

Description

Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.

CVSS vector

AV:L/AC:L/C:N/I:N/A:C
Exploitability: 3.9 | Impact: 6.9

Affected Packages (2 packages)

NVD: apple/mac_os_x 10.5.6 +54
NVD: apple/mac_os_x_server 10.5.6 +54

🔴 Vulnerability Details (2)

GHSA: GHSA-xqw4-hgfp-f28v: Multiple memory leaks in XNU 1228 (2022-05-02)
CVEList: CVE-2009-1237: Multiple memory leaks in XNU 1228 (2009-04-02)

💥 Exploits & PoCs (2)

Exploit-DB: Apple Mac OSX xnu 1228.3.13 - 'Profil' Kernel Memory Leak/Denial of Service (PoC) (2009-03-23)
Exploit-DB: Apple Mac OSX xnu 1228.3.13 - 'macfsstat' Local Kernel Memory Leak/Denial of Service (2009-03-23)