CVE-2010-1777 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Itunes

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-732 — Incorrect Permission Assignment7 documents4 sources

Severity

9.3CRITICALNVD

EPSS

2.9%

top 13.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Itunes

Timeline

PublishedJul 30

Latest updateMay 17

Description

Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/itunes9.2+66

Patches

Patch: support.apple.com ↗Patch: support.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-gmfw-pf7r-rv62: Buffer overflow in Apple iTunes before 9↗2022-05-17

▶

📋Vendor Advisories

Red Hat

kernel: Driver-Core: devtmpfs - set root directory mode to 0755↗2009-10-30

▶

💬Community

Bugzilla

CVE-2010-0299 kernel: Driver-Core: devtmpfs - set root directory mode to 0755↗2010-01-26

▶