CVE-2017-2518Use After Free in Apple Iphone OS

CWE-416Use After Free13 documents7 sources
Severity
9.8CRITICALNVD
OSV5.9
EPSS
23.3%
top 4.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Ghost Sqlite3Apple Iphone OSApple MAC OS X+3 more
Timeline
PublishedMay 22
Latest updateMay 13

Description

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

NVDapple/tvos< 10.2.1
NVDapple/watchos< 3.2.2
NVDapple/mac_os_x< 10.12.5
NVDapple/iphone_os< 10.3.2
Debianghost/sqlite3< 3.15.2-1+3

Also affects: Debian Linux 8.0

🔴Vulnerability Details

5
GHSA
GHSA-r9rg-4m6m-xwmx: An issue was discovered in certain Apple products2022-05-13
OSV
sqlite3 vulnerabilities2019-06-19
OSV
sqlite3 vulnerabilities2019-06-19
CVEList
CVE-2017-2518: An issue was discovered in certain Apple products2017-05-22
OSV
CVE-2017-2518: An issue was discovered in certain Apple products2017-05-22

📋Vendor Advisories

7
Ubuntu
SQLite vulnerabilities2019-06-19
Ubuntu
SQLite vulnerabilities2019-06-19
Apple
CVE-2017-2518: tvOS 10.2.12017-05-15
Apple
CVE-2017-2518: iOS 10.3.22017-05-15
Apple
CVE-2017-2518: watchOS 3.2.22017-05-15
CVE-2017-2518 — Use After Free in Apple Iphone OS | cvebase