Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0105Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple MAC OS X

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents6 sources
Severity
4.9MEDIUMNVD
NVD4.7
EPSS
0.3%
top 45.09%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
8
Apple MAC OS XMsrc Microsoft Office 2010 Service Pack 2Msrc Microsoft Office Compatibility Pack Service Pack 3+5 more
Timeline
PublishedApr 27
Latest updateMay 17

Description

The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the diskdev_cmds component.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages8 packages

NVDapple/mac_os_x7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-wghh-9cwm-cgm9: Apple Mac OS X 102022-05-17
GHSA
GHSA-m3r9-2fp3-p448: The hfs implementation in Apple Mac OS X 102022-05-02

💥Exploits & PoCs

3
Exploit-DB
Apple Mac OSX 10.11 - FTS Deep Structure of the FileSystem Buffer Overflow2015-12-09
Exploit-DB
Apple Mac OSX 10.9 - Hard Link Memory Corruption2014-04-08
Exploit-DB
Apple Mac OSX 10.6 - HFS FileSystem (Denial of Service)2010-04-24

📋Vendor Advisories

4
Microsoft
Microsoft Office Information Disclosure Vulnerability2017-03-14
Red Hat
cacti: multiple command injection flaws (BONSAI-2010-0105)2010-05-20
Red Hat
CVE-2010-0105: The hfs implementation in Apple Mac OS X 10
Red Hat
CVE-2013-6799: Apple Mac OS X 10

💬Community

2
Bugzilla
CVE-2010-1645 cacti: multiple command injection flaws (BONSAI-2010-0105)2010-06-29
Bugzilla
CVE kernel non-issue statements2010-05-13