CVE-2015-3027 — Apple Xcode vulnerability

CWE-2644 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 45.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Xcode

Timeline

PublishedApr 10

Latest updateMay 17

Description

Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/xcode6.2

🔴Vulnerability Details

GHSA

GHSA-8ghm-9gv2-jj69: Clang in LLVM, as used in Apple Xcode before 6↗2022-05-17

▶

CVEList

CVE-2015-3027: Clang in LLVM, as used in Apple Xcode before 6↗2015-04-10

▶

OSV

CVE-2015-3027: Clang in LLVM, as used in Apple Xcode before 6↗2015-04-10

▶