CVE-2013-3955Improper Input Validation in Apple Iphone OS

CWE-20Improper Input Validation2 documents2 sources
Severity
6.2MEDIUMNVD
EPSS
0.1%
top 82.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Iphone OS
Timeline
PublishedJun 5
Latest updateMay 17

Description

The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via an invalid file on an msdosfs filesystem.

CVSS vector

AV:L/AC:H/C:C/I:C/A:CExploitability: 1.9 | Impact: 10.0

Affected Packages1 packages

NVDapple/iphone_os10 versions+9

🔴Vulnerability Details

1
GHSA
GHSA-cjq5-h4gf-54rv: The get_xattrinfo function in the XNU kernel in Apple iOS 52022-05-17
CVE-2013-3955 — Improper Input Validation in Apple | cvebase