CVE-2015-1105Improper Input Validation in Apple Iphone OS

CWE-20Improper Input Validation6 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
6.2%
top 9.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Apple Iphone OSApple MAC OS XApple Tvos+4 more
Timeline
PublishedApr 10
Latest updateMay 14

Description

The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages7 packages

NVDapple/tvos7.1
NVDapple/mac_os_x10.10.2
Appleapple/ios8.3
Appleapple/apple_tv7.2

🔴Vulnerability Details

1
GHSA
GHSA-xf93-g9r9-rgm3: The TCP implementation in the kernel in Apple iOS before 82022-05-14

📋Vendor Advisories

4
Apple
CVE-2015-1105: Apple TV 7.2
Apple
CVE-2015-1105: iOS 8.3
Apple
CVE-2015-1105: OS X Yosemite v10.10.3 and Security Update 2015-004
Apple
CVE-2015-1105: Watch OS 1.0.1