CVE-2015-3798
published 2015-08-17CVE-2015-3798: The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of…
PriorityP350high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
13.32%
95.9th percentile
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3797.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | apple_tv | — | — |
| apple | ios | — | — |
| apple | iphone_os | <= 8.4 | — |
| apple | mac_os_x | <= 10.10.4 | — |
| apple | os_x_yosemite_v10.10.5_and_security_update_2015-006 | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Apple
CVE-2015-3798: Apple TV 7.2.1
vendor_apple·CVSS 7.5
CVE-2015-3798 [HIGH] CVE-2015-3798: Apple TV 7.2.1
Apple Security Update: About the security content of Apple TV 7.2.1
Product: Apple TV
Version: 7.2.1
CVE: CVE-2015-3798
Component: CVE-ID
Apple
CVE-2015-3798: iOS 8.4.1
vendor_apple·CVSS 7.5
CVE-2015-3798 [HIGH] CVE-2015-3798: iOS 8.4.1
Apple Security Update: About the security content of iOS 8.4.1
Product: iOS
Version: 8.4.1
CVE: CVE-2015-3798
Component: CVE-ID
Apple
CVE-2015-3798: OS X Yosemite v10.10.5 and Security Update 2015-006
vendor_apple·CVSS 7.5
CVE-2015-3798 [HIGH] CVE-2015-3798: OS X Yosemite v10.10.5 and Security Update 2015-006
Apple Security Update: About the security content of OS X Yosemite v10.10.5 and Security Update 2015-006
Product: OS X Yosemite v10.10.5 and Security Update 2015-006
CVE: CVE-2015-3798
Component: CVE-ID
GHSA
GHSA-r4xv-4m8v-9gfg: The TRE library in Libc in Apple iOS before 8
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2015-3798 [HIGH] CWE-119 GHSA-r4xv-4m8v-9gfg: The TRE library in Libc in Apple iOS before 8
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3797.
GHSA
GHSA-4mj6-cg56-cg3r: The TRE library in Libc in Apple iOS before 8
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2015-3796 [HIGH] CWE-119 GHSA-4mj6-cg56-cg3r: The TRE library in Libc in Apple iOS before 8
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798.
GHSA
GHSA-wf8m-hh27-7j8g: The TRE library in Libc in Apple iOS before 8
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2015-3797 [HIGH] CWE-119 GHSA-wf8m-hh27-7j8g: The TRE library in Libc in Apple iOS before 8
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3798.
No detection rules found.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2015/Aug/msg00002.htmlhttp://www.securityfocus.com/bid/76343http://www.securitytracker.com/id/1033275https://code.google.com/p/google-security-research/issues/detail?id=429https://support.apple.com/kb/HT205030https://support.apple.com/kb/HT205031https://www.exploit-db.com/exploits/38262/http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2015/Aug/msg00002.htmlhttp://www.securityfocus.com/bid/76343http://www.securitytracker.com/id/1033275https://code.google.com/p/google-security-research/issues/detail?id=429https://support.apple.com/kb/HT205030https://support.apple.com/kb/HT205031https://www.exploit-db.com/exploits/38262/
2015-08-17
Published