CVE-2013-5184 — Channel Accessible by Non-Endpoint in Apple MAC OS X

CWE-399 CWE-300 — Channel Accessible by Non-Endpoint CWE-319 — Cleartext Transmission of Sensitive Info4 documents4 sources

Severity

5.7MEDIUMNVD

EPSS

0.2%

top 58.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Msrc Azl3 Golang 1.24.3-1 ON Azure Linux 3.0 Msrc Cbl2 Golang 1.18.8-7 ON CBL Mariner 2.0 +2 more

Timeline

PublishedOct 24

Latest updateMay 17

Description

The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area.

CVSS vector

AV:A/AC:M/C:N/I:N/A:CExploitability: 5.5 | Impact: 6.9

Affected Packages5 packages

▶NVDapple/mac_os_x10.8.5+6

▶msrcmsrc/azl3_golang_1.24.3-1_on_azure_linux_3.0

▶msrcmsrc/cbl2_golang_1.18.8-7_on_cbl_mariner_2.0

▶msrcmsrc/cbl2_golang_1.22.7-3_on_cbl_mariner_2.0

▶msrcmsrc/cbl2_msft-golang_1.24.1-2_on_cbl_mariner_2.0

🔴Vulnerability Details

GHSA

GHSA-rrjj-mw48-hvmw: The kernel in Apple Mac OS X before 10↗2022-05-17

▶

📋Vendor Advisories

Microsoft

An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. Th↗2017-10-10

▶

Red Hat

golang: smtp.PlainAuth susceptible to man-in-the-middle password harvesting↗2017-10-04

▶