CVE-2010-0500 — Improper Input Validation in Apple MAC OS X

CWE-20 — Improper Input Validation7 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 37.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedMar 30

Latest updateMay 2

Description

Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue."

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDapple/mac_os_x10.6.2+12

▶NVDapple/mac_os_x_server10.6.2+12

Patches

Patch: lists.apple.com ↗Patch: support.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-vfq8-637p-vg8j: Event Monitor in Apple Mac OS X before 10↗2022-05-02

▶

CVEList

CVE-2010-0500: Event Monitor in Apple Mac OS X before 10↗2010-03-30

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS 5.0 - IDQ Path Overflow (MS01-033) (Metasploit)↗2010-06-15

▶

💬Community

Bugzilla

CVE-2010-1202 Mozilla Crashes with evidence of memory corruption↗2010-05-10

▶

Bugzilla

CVE-2010-1203 Mozilla Crashes with evidence of memory corruption↗2010-05-10

▶

Bugzilla

CVE-2009-0499,0500,0501,0502 moodle: multiple issues [F10]↗2009-02-10

▶