CVE-2011-0164 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Itunes

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

7.6HIGHNVD

EPSS

0.7%

top 26.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Itunes

Timeline

PublishedMar 3

Latest updateMay 17

Description

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/itunes10.1.2+64

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-566x-j6xr-gx85: WebKit, as used in Apple iTunes before 10↗2022-05-17

▶

OSV

CVE-2011-0164: WebKit, as used in Apple iTunes before 10↗2011-03-03

▶

📋Vendor Advisories

Red Hat

MySQL: mysqld DoS (assertion failure) by alternate reads from two indexes on a table using the HANDLER interface (MySQL bug #54007)↗2010-07-09

▶