CVE-2013-0964Improper Input Validation in Apple Iphone OS

CWE-20Improper Input Validation2 documents2 sources
Severity
3.6LOWNVD
EPSS
0.1%
top 80.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Iphone OSApple Tvos
Timeline
PublishedJan 29
Latest updateMay 14

Description

The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page.

CVSS vector

AV:L/AC:L/C:P/I:P/A:NExploitability: 3.9 | Impact: 4.9

Affected Packages2 packages

NVDapple/tvos5.1.1+27
NVDapple/iphone_os6.0.2+2

🔴Vulnerability Details

1
GHSA
GHSA-599w-q86m-78mc: The kernel in Apple iOS before 62022-05-14