CVE-2013-3953 — Sensitive Information Exposure in Apple Iphone OS

CWE-200 — Sensitive Information Exposure2 documents2 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 80.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X

Timeline

PublishedJun 5

Latest updateMay 17

Description

The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call.

CVSS vector

AV:L/AC:L/C:C/I:N/A:NExploitability: 3.9 | Impact: 6.9

Affected Packages2 packages

▶NVDapple/iphone_os6.1.4+47

▶NVDapple/mac_os_x5 versions+4

🔴Vulnerability Details

GHSA

GHSA-2p9g-m39j-mc8m: The mach_port_space_info function in osfmk/ipc/mach_debug↗2022-05-17

▶