CVE-2014-1271 — Improper Input Validation in Apple Iphone OS

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 46.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Tvos Juniper Junos OS

Timeline

PublishedMar 14

Latest updateMay 14

Description

CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶NVDapple/tvos6.0.2+2

▶NVDapple/iphone_os7.0.6+6

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-5vpq-jhcp-mwww: CoreCapture in Apple iOS before 7↗2022-05-14

▶

📋Vendor Advisories

Juniper

CVE-2016-1271: Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D25, 13.2 before 13.2R8, 13.3 before 13.3↗2016-04-15

▶