CVE-2014-8611Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
6.9MEDIUMNVD
EPSS
0.1%
top 70.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple Iphone OSApple MAC OS XApple IOS 9+2 more
Timeline
PublishedSep 18
Latest updateMay 17

Description

The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages4 packages

NVDapple/mac_os_x10.10.5
NVDapple/iphone_os8.4.1
Appleapple/ios_9

Also affects: Freebsd 10.1

🔴Vulnerability Details

1
GHSA
GHSA-23qr-ww7m-6r2f: The __sflush function in fflush2022-05-17

📋Vendor Advisories

3
BSD
FreeBSD-SA-14:27.stdio: Buffer overflow in stdio2014-12-10
Apple
CVE-2014-8611: iOS 9
Apple
CVE-2014-8611: OS X El Capitan v10.11