CVE-2017-2519Out-of-bounds Write in Apple Iphone OS

10 documents7 sources
Severity
9.8CRITICALNVD
EPSS
9.6%
top 7.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Ghost Sqlite3Apple Iphone OSApple MAC OS X+3 more
Timeline
PublishedMay 22
Latest updateMay 13

Description

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

NVDapple/tvos< 10.2.1
NVDapple/watchos< 3.2.2
NVDapple/mac_os_x< 10.12.5
NVDapple/iphone_os< 10.3.2
Debianghost/sqlite3< 3.16.0-1+3

Also affects: Debian Linux 8.0

🔴Vulnerability Details

3
GHSA
GHSA-q5c7-pq55-4q3p: An issue was discovered in certain Apple products2022-05-13
CVEList
CVE-2017-2519: An issue was discovered in certain Apple products2017-05-22
OSV
CVE-2017-2519: An issue was discovered in certain Apple products2017-05-22

📋Vendor Advisories

6
Ubuntu
SQLite vulnerabilities2019-06-19
Apple
CVE-2017-2519: macOS Sierra 10.12.5, Security Update 2017-002 El Capitan, and Security Update 2017-002 Yosemite2017-05-15
Apple
CVE-2017-2519: watchOS 3.2.22017-05-15
Apple
CVE-2017-2519: tvOS 10.2.12017-05-15
Apple
CVE-2017-2519: iOS 10.3.22017-05-15
CVE-2017-2519 — Out-of-bounds Write in Apple Iphone OS | cvebase