CVE-2015-3717 — Classic Buffer Overflow in Apple Iphone OS

CWE-120 — Classic Buffer Overflow7 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.9%

top 16.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X Sqlite +6 more

Timeline

PublishedJul 3

Latest updateMay 13

Description

Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages9 packages

▶NVDsqlite/sqlite< 3.8.9

▶NVDapple/mac_os_x< 10.10.4

▶NVDapple/iphone_os< 8.4

▶Appleapple/ios8.4

▶Appleapple/itunes12.6

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-32vr-rgc3-2ccm: Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8↗2022-05-13

▶

📋Vendor Advisories

Microsoft

CVE-2015-3717: NIST NVD Details: https://nvd↗2020-09-08

▶

Apple

CVE-2015-3717: iTunes 12.6↗2017-03-21

▶

Apple

CVE-2015-3717: iTunes 12.6 for Windows↗2017-03-21

▶

Apple

CVE-2015-3717: iOS 8.4↗

▶

Apple

CVE-2015-3717: OS X Yosemite v10.10.4 and Security Update 2015-005↗

▶