CVE-2016-1830Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer14 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.3%
top 44.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple Iphone OSApple MAC OS XApple Tvos+3 more
Timeline
PublishedMay 20
Latest updateMay 14

Description

The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1829.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

NVDapple/tvos< 9.2.1
NVDapple/watchos< 2.2.1
Appleapple/tvos9.2.1
Appleapple/watchos2.2.1

🔴Vulnerability Details

4
GHSA
GHSA-h8j4-x589-fv2p: The kernel in Apple iOS before 92022-05-14
GHSA
GHSA-wpq6-226c-pxw4: The kernel in Apple iOS before 92022-05-14
GHSA
GHSA-jm76-99qf-596j: The kernel in Apple iOS before 92022-05-14
GHSA
GHSA-768f-8465-rm78: The kernel in Apple iOS before 92022-05-14

📋Vendor Advisories

4
Apple
CVE-2016-1830: watchOS 2.2.1
Apple
CVE-2016-1830: OS X El Capitan v10.11.5 and Security Update 2016-003
Apple
CVE-2016-1830: iOS 9.3.2
Apple
CVE-2016-1830: tvOS 9.2.1

💬Community

2
Bugzilla
CVE-2016-3088 activemq: Fileserver web application vulnerability allowing RCE2016-05-24
Bugzilla
CVE-2016-3108 pulp: Insecure temporary file used when generating certificate for Pulp Nodes2016-04-11