CVE-2015-5917 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple OS X EL Capitan V10.11

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

1.4%

top 19.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple OS X EL Capitan V10.11

Timeline

PublishedOct 9

Latest updateMay 17

Description

The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶Appleapple/os_x_el_capitan_v10.11

🔴Vulnerability Details

GHSA

GHSA-x6x4-phh7-f9mr: The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10↗2022-05-17

▶

📋Vendor Advisories

Apple

CVE-2015-5917: OS X El Capitan v10.11↗

▶